Running Jarsigner
Run the following command to generate the timestamped signature of a Java file with Jarsigner.
jarsigner -tsa http://timestamp.entrust.net/rfc3161ts2 -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "C:\Program Files\Java\jdk-17\bin\csaas.cfg" <jar> <token> -storepass <storepass>Where:
<jar> is the path of the Java file
<token> is the Token ID value returned by the signingclient config list command.
<storepass> is the password for accessing the signing key.
For example:
>jarsigner -tsa http://timestamp.entrust.net/rfc3161ts2 -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "C:\Program Files\Java\jdk-17\bin\csaas.cfg" Main.jar myuser -storepass mypassrequesting a signature timestampTSA location: http://timestamp.entrust.net/rfc3161ts2updating: META-INF/MANIFEST.MF adding: META-INF/CSAASDEM.SF adding: META-INF/CSAASDEM.RSA signing: HelloWorld/Main.class >>> Signer X.509, CN=Entrust Limited, SERIALNUMBER=1000492879, OID.2.5.4.15=Private Organization, O=Entrust Limited, OID.1.3.6.1.4.1.311.60.2.1.2=Ontario, OID.1.3.6.1.4.1.311.60.2.1.3=CA, L=Ottawa, ST=Ontario, C=CA Signature algorithm: SHA256withRSA, 4096-bit key [certificate is valid from 8/16/23, 1:07 PM to 8/16/24, 1:07 PM] X.509, CN=Entrust Extended Validation Code Signing CA - EVCS2, O="Entrust, Inc.", C=US Signature algorithm: SHA512withRSA, 4096-bit key [certificate is valid from 5/7/21, 7:19 PM to 12/29/40, 11:59 PM] X.509, CN=Entrust Code Signing Root Certification Authority - CSBR1, O="Entrust, Inc.", C=US Signature algorithm: SHA256withRSA, 4096-bit key [certificate is valid from 5/7/21, 3:43 PM to 11/7/30, 4:13 PM]>>> TSA X.509, CN=Entrust Timestamp Authority - TSA2, O="Entrust, Inc.", L=Ottawa, ST=Ontario, C=CA Signature algorithm: SHA512withRSA, 4096-bit key [certificate is valid from 10/4/22, 5:22 PM to 1/1/29, 12:00 AM] X.509, CN=Entrust Time Stamping CA - TS2, O="Entrust, Inc.", C=US Signature algorithm: SHA512withRSA, 4096-bit key [certificate is valid from 5/7/21, 7:22 PM to 12/29/40, 11:59 PM] X.509, CN=Entrust Code Signing Root Certification Authority - CSBR1, O="Entrust, Inc.", C=US Signature algorithm: SHA256withRSA, 4096-bit key [certificate is valid from 5/7/21, 3:43 PM to 11/7/30, 4:13 PM] jar signed. The signer certificate will expire on 2024-08-16.The timestamp will expire on 2029-01-01.