How to sign a .jar file with an A3 certificate?

1

I’m developing a web project and I needed to develop an applet in Java for some functions.

The browsers are complaining about the security issue and, researching, I found that I have to digitally sign the .jar file. Still searching, I found that I can self-sign it, but the browser may still complain.

I have an A3 digital certificate and would like to sign the applet with it, but I can’t access it with the methods indicated for keytool and jarsigner.

How can I sign this file using an A3 certificate?

1 answer

1


Hello,

First, we need to create a configuration file that specifies the location of the Token or Smartcard driver. Create a file named token.cfg in your working directory.

The following are the contents that should be placed in this file. The fields name and description may contain a text of your choice, but the library field should point to the driver location of the device.

name = Provider
description = Token Pro Blue
library = /usr/lib/libeTPkcs11.so

For use on Windows, the library field must contain the path to the token driver's DLL, as in the example below:

name = Provider
description = Token Pro Blue
library = C:\Windows\System32\eTPKCS11.dll

The Token or Smartcard may contain one or more certificates, each of which is associated with a nickname. Before we start signing, we need to find out which certificate nickname will be used for the signature. To do this, let’s run the following command line. The PASSWORD field must be replaced by your PIN.

keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg token.cfg -storepass PASSWORD -list

After this command is executed, the list of aliases will be displayed. Below is an example of the expected result.

(eTCAPI) HUMBERTO DE MELO PACHECO’s ICP-Brasil ID

We can now proceed to the signature of the artifact using the command line below. The parameters to be changed are as follows:

  • PASSWORD, Token or Smartcard PIN.
  • DSANAME, the name of the file containing the signatures of the classes. This attribute is optional.
  • JARFILESIGNED, the name of the file generated after signing.
  • JARFILE, the name of the file to be signed.
  • ALIAS, the nickname of the certificate to be used, obtained in the previous step.

jarsigner -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg token.cfg -storepass PASSWORD -sigfile DSANAME -signedjar JARFILESIGNED -verbose JARFILE "ALIAS"

References:
Signing an artifact with Token or Smartcard - Demoiselle Framework
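
The steps above as a shell script, added here as an example that is not part of the original answer: it omits -storepass so that keytool and jarsigner prompt for the PIN (keeping it out of shell history and the process list) and checks the result with jarsigner -verify. The function names are assumptions of this example; the config values are the ones from the answer.

```shell
#!/bin/sh
# Added example, not the answer's own code. Function names are hypothetical.

# Write the SunPKCS11 config; refuse a driver path that does not exist,
# since a wrong "library" only fails later with an opaque provider error.
write_token_cfg() {
    cfg=$1
    lib=$2
    if [ ! -f "$lib" ]; then
        echo "PKCS#11 driver not found: $lib" >&2
        return 1
    fi
    # umask in a subshell so a new config file is created owner-only (0600)
    ( umask 077
      printf 'name = Provider\ndescription = Token Pro Blue\nlibrary = %s\n' \
          "$lib" > "$cfg" )
}

# List the aliases on the token. No -storepass: keytool prompts for the PIN.
list_aliases() {
    keytool -list -keystore NONE -storetype PKCS11 \
        -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "$1"
}

# Sign JAR with ALIAS into SIGNED, then verify the signed copy.
sign_and_verify() {
    cfg=$1
    jar=$2
    signed=$3
    alias=$4
    if [ ! -f "$jar" ]; then
        echo "no such jar: $jar" >&2
        return 1
    fi
    # No -storepass here either: jarsigner prompts for the PIN.
    jarsigner -keystore NONE -storetype PKCS11 \
        -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "$cfg" \
        -signedjar "$signed" "$jar" "$alias" || return 1
    # Verification does not need the token; -verbose -certs prints the status
    # of each entry together with the signer certificate.
    jarsigner -verify -verbose -certs "$signed"
}

# Typical use (paths and alias are placeholders):
#   write_token_cfg token.cfg /usr/lib/libeTPkcs11.so
#   list_aliases token.cfg
#   sign_and_verify token.cfg applet.jar applet-signed.jar "ALIAS"
```

The unsigned input jar is left untouched, so a failed or interrupted signing run never replaces the artifact you deploy.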
