Requirements:
Several tasks need to be completed before signing the codes
These tasks can be found on the Home screen. To view the requirement tasks, follow the steps below:
1. Login to your ECS portal
2. On your Home screen, click on the Get Started Tab.
3. On the left column, click on Signing Automation Service. Complete the requirement steps in sequence.
4. You may click on the Signing Automation Service Documentation as the reference.
5. Java Development Kit installed and working correctly.
Step by step to sign the Java codes using CSaaS:
1. Create csaas.cfg file. You only need to create this file once.
In any line editor (Notepad, for example), create a text file containing the lines below and save it to your JDK bin folder (for example, C:\Program Files (x86)\Java\jre1.8.0_65\bin) as csaas.cfg. Note: You must use a double-backslash ( \\ )for an absolute path.
name = Entrust
library=C:\\Program Files\\Entrust\\SigningClient\\P11SigningClient64.dll
2. In the command prompt, type Signingclient
This step ensures that the Signing Client Tool is installed correctly and working. The correct result is shown in the screenshot below.
3. Find your private key alias name for the private key in your SAS environment. You can run the command:
signingclient list keys
You should see the label name, which will be your alias. In this example, the label name is
Staging SG team
4. You are ready to sign the Java jar codes. Enter the following command:
jarsigner -tsa http://timestamp.entrust.net/rfc3161ts2 -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg <your config file> <your codes> <your ALIAS> -storepass <your private keystore password>
Descriptions
<your config file> | The configuration file for the SAS environment. In this example: csaas.cfg |
<your codes> | Your own Java codes. In this example: testsign.jar |
<your ALIAS> |
Your alias name/friendly name/label.
In this example, the alias name is Staging SG team The alias name is case-sensitive. |
<your private key store password> |
The private key store password you created while activating the signing client license.
In this example, the password is entrust This switch is optional. |
Example
jarsigner -tsa http://timestamp.entrust.net/rfc3161ts2 -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg csaas.cfg c:\test\testsign.jar "Staging SG Team"
5. You can run the
verify
command below to ensure the code signing has been performed successfully.
jarsigner -verify -verbose <your file name>
Example:
jarsigner -verify -verbose c:\test\testsign.jar
You should see
the
jar verified
line if you signed your codes successfully.