How to sign .jar file with A3 certificate?

1

I'm developing a web project and I needed to develop a applet with the Java language for some functions.

Browsers are complaining about the security issue, and by searching, I have discovered that I have to digitally sign the .jar file. While still searching, I've checked that I can auto-subscribe, but the browser can still claim.

I have a digital certificate A3 and I would like to sign applet with it, but I can not access it with the indicator methods in keytool and jarsigner .

How can I sign this file using a A3 certificate?

    
asked by anonymous 20.01.2016 / 12:50

1 answer

1

Hello,

First, we need to create a configuration file that will determine the location of the Token or Smartcard driver. Create a token.cfg name file in your workbook.

The following is the content that should be placed in this file. The name and description fields may contain text of your choice, but the library field should point to the location of the device driver. p>

  

name = Provider
  description = Token Pro Blue
  library = /usr/lib/libeTPkcs11.so

For use in Windows the library field should contain the dll path for the token driver as the example below:

>
  

name = Provider
  description = Token Pro Blue
  library = C: \ Windows \ System32 \ eTPKCS11.dll

The Token or Smartcard may contain one or more certificates, each associated with a nickname. Before we begin the subscription, we need to find out the nickname of the certificate that will be used for the subscription. To do this, let's run the following command line. The PASSWORD field should be replaced with your Pin.

  

keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg token.cfg -storepass PASSWORD -list

After you execute this command, the list of nicknames is displayed. below is an example of the expected result.

  

(eTCAPI) HUMBERTO DE MELO PACHECO's ICP-Brasil ID

We can now proceed to the signing of the artifact using the command line below. The parameters to be changed are as follows.

  • PASSWORD, the Token Pin or SmartCard.
  • DSANAME, the name of the file that contains the signatures of the classes. This attribute is optional.
  • JARFILESIGNED, the filename generated after the signature.
  • JARFILE, the name of the file to be signed.
  • ALIAS, the alias of the certificate to be used, obtained in the previous step.
  

jarsigner -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg token.cfg -storepass PASSWORD -sigfile DSANAME -signedjar JARFILESIGNED -verbose JARFILE "ALIAS"

References:
Signing an artifact with Token or SmartCard - Demoiselle Framework

    
20.01.2016 / 19:23