Run the following command to generate the timestamped signature of a Java file with Jarsigner.
jarsigner -tsa http://timestamp.entrust.net/rfc3161ts2 -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "C:\Program Files\Java\jdk-17\bin\csaas.cfg" <jar> <token> -storepass <storepass>

Where:

<jar> is the path of the Java file.
<token> is the Token ID value returned by the signingclient config list command.
<storepass> is the password for accessing the signing key.
For example:
>jarsigner -tsa http://timestamp.entrust.net/rfc3161ts2 -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "C:\Program Files\Java\jdk-17\bin\csaas.cfg" Main.jar myuser -storepass mypass
requesting a signature timestamp
TSA location: http://timestamp.entrust.net/rfc3161ts2
updating: META-INF/MANIFEST.MF
  adding: META-INF/CSAASDEM.SF
  adding: META-INF/CSAASDEM.RSA
 signing: HelloWorld/Main.class

>>> Signer
    X.509, CN=Entrust Limited, SERIALNUMBER=1000492879, OID.2.5.4.15=Private Organization, O=Entrust Limited, OID.1.3.6.1.4.1.311.60.2.1.2=Ontario, OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Ottawa, ST=Ontario, C=CA
    Signature algorithm: SHA256withRSA, 4096-bit key
    [certificate is valid from 8/16/23, 1:07 PM to 8/16/24, 1:07 PM]
    X.509, CN=Entrust Extended Validation Code Signing CA - EVCS2, O="Entrust, Inc.", C=US
    Signature algorithm: SHA512withRSA, 4096-bit key
    [certificate is valid from 5/7/21, 7:19 PM to 12/29/40, 11:59 PM]
    X.509, CN=Entrust Code Signing Root Certification Authority - CSBR1, O="Entrust, Inc.", C=US
    Signature algorithm: SHA256withRSA, 4096-bit key
    [certificate is valid from 5/7/21, 3:43 PM to 11/7/30, 4:13 PM]

>>> TSA
    X.509, CN=Entrust Timestamp Authority - TSA2, O="Entrust, Inc.", L=Ottawa, ST=Ontario, C=CA
    Signature algorithm: SHA512withRSA, 4096-bit key
    [certificate is valid from 10/4/22, 5:22 PM to 1/1/29, 12:00 AM]
    X.509, CN=Entrust Time Stamping CA - TS2, O="Entrust, Inc.", C=US
    Signature algorithm: SHA512withRSA, 4096-bit key
    [certificate is valid from 5/7/21, 7:22 PM to 12/29/40, 11:59 PM]
    X.509, CN=Entrust Code Signing Root Certification Authority - CSBR1, O="Entrust, Inc.", C=US
    Signature algorithm: SHA256withRSA, 4096-bit key
    [certificate is valid from 5/7/21, 3:43 PM to 11/7/30, 4:13 PM]

jar signed.

The signer certificate will expire on 2024-08-16.
The timestamp will expire on 2029-01-01.
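A release-pipeline check on the transcript above, as an added example (not Entrust's or the JDK's code): it parses jarsigner's -verbose signing output and reports a problem when no timestamp was applied or the TSA is not the one requested. It assumes the English output format shown on this page; `parse_signing_output` and `gate` are hypothetical names.

```python
import re
from datetime import date

# Sample input: selected lines from the example transcript on this page.
SAMPLE = """\
TSA location: http://timestamp.entrust.net/rfc3161ts2
>>> Signer
    X.509, CN=Entrust Limited, SERIALNUMBER=1000492879, OID.2.5.4.15=Private Organization, O=Entrust Limited, OID.1.3.6.1.4.1.311.60.2.1.2=Ontario, OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Ottawa, ST=Ontario, C=CA
>>> TSA
    X.509, CN=Entrust Timestamp Authority - TSA2, O="Entrust, Inc.", L=Ottawa, ST=Ontario, C=CA
jar signed.
The signer certificate will expire on 2024-08-16.
The timestamp will expire on 2029-01-01.
"""

def parse_signing_output(text):
    """Pull the facts a release gate needs out of a jarsigner -verbose transcript."""
    chains, current = {}, None
    for line in text.splitlines():
        s = line.strip()
        header = re.fullmatch(r">>> (\w+)", s)
        if header:                       # ">>> Signer" or ">>> TSA" starts a chain
            current = header.group(1)
            chains[current] = []
        elif current and s.startswith("X.509, "):
            chains[current].append(s[len("X.509, "):])

    def expiry(label):                   # summary lines carry ISO dates
        m = re.search(rf"The {label} will expire on (\d{{4}}-\d{{2}}-\d{{2}})\.", text)
        return date.fromisoformat(m.group(1)) if m else None
    tsa = re.search(r"^TSA location: (\S+)$", text, re.MULTILINE)
    return {
        "signed": re.search(r"^jar signed\.$", text, re.MULTILINE) is not None,
        "tsa_url": tsa.group(1) if tsa else None,
        "chains": chains,                # {"Signer": [subject DNs], "TSA": [subject DNs]}
        "signer_expiry": expiry("signer certificate"),
        "timestamp_expiry": expiry("timestamp"),
    }

def gate(text, expected_tsa="http://timestamp.entrust.net/rfc3161ts2"):
    """Return a list of problems; an empty list means the transcript passes."""
    r, problems = parse_signing_output(text), []
    if not r["signed"]:
        problems.append("jarsigner did not report 'jar signed.'")
    if not r["chains"].get("TSA") or r["timestamp_expiry"] is None:
        problems.append("no timestamp: the signature may not validate after "
                        f"the signer certificate expires ({r['signer_expiry']})")
    elif r["tsa_url"] != expected_tsa:
        problems.append(f"unexpected TSA: {r['tsa_url']}")
    return problems
```

Feed `gate` the captured output of the signing step and fail the build when the returned list is non-empty.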