Skip to main content

How to sign Java codes with Entrust CSaaS (Code Signing as a Service)

User-added image

Requirements:

Several tasks need to be completed before signing the codes

These tasks can be found on the Home screen. To view the requirement tasks, follow the steps below:

1. Login to your ECS portal

2. On your Home screen, click on the Get Started Tab.

3. On the left column, click on Signing Automation Service. Complete the requirement steps in sequence.

4. You may click on the Signing Automation Service Documentation as the reference.

5. Java Development Kit installed and working correctly.

Step by step to sign the Java codes using CSaaS:

1. Create csaas.cfg file. You only need to create this file once.

In any line editor (Notepad, for example), create a text file containing the lines below and save it to your JDK bin folder (for example, C:\Program Files (x86)\Java\jre1.8.0_65\bin) as csaas.cfg. Note: You must use a double-backslash ( \\ )for an absolute path.

name = Entrust
library=C:\\Program Files\\Entrust\\SigningClient\\P11SigningClient64.dll

2. In the command prompt, type Signingclient

This step ensures that the Signing Client Tool is installed correctly and working. The correct result is shown in the screenshot below.
User-added image

3. Find your private key alias name for the private key in your SAS environment. You can run the command:

signingclient list keys

You should see the label name, which will be your alias. In this example, the label name is Staging SG team
User-added image

4. You are ready to sign the Java jar codes. Enter the following command:

jarsigner -tsa http://timestamp.entrust.net/rfc3161ts2 -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg <your config file> <your codes> <your ALIAS> -storepass <your private keystore password>

Descriptions

<your config file> The configuration file for the SAS environment. In this example: csaas.cfg
<your codes> Your own Java codes. In this example: testsign.jar
<your ALIAS> Your alias name/friendly name/label.
In this example, the alias name is Staging SG team

The alias name is case-sensitive.
<your private key store password> The private key store password you created while activating the signing client license.
In this example, the password is entrust

This switch is optional.

Example

jarsigner -tsa http://timestamp.entrust.net/rfc3161ts2 -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg csaas.cfg c:\test\testsign.jar "Staging SG Team"

User-added image


5. You can run the verify command below to ensure the code signing has been performed successfully.

jarsigner -verify -verbose <your file name>

Example:

jarsigner -verify -verbose c:\test\testsign.jar

You should see the jar verified line if you signed your codes successfully.
User-added image



Attachments