The Java Archive (JAR) package format can be used for packaging Java applications and libraries.
The format is also used for related technologies, such as Java Applets and Web Start applications, as well as for Android apps and for plugins to various applications.
Signed JAR files can optionally include a time-stamp response from a Time Stamping Authority (TSA) using the RFC 3161 format.
Adding a JAR Signer
The JAR signer in SignServer is called JArchive Signer.
To add a JArchive Signer, follow the steps described in the Adding a Plain Signer section, but use the template called jarchive_signer.properties.
Using the JArchive Signer
The different methods for submitting a file to be signed, described in the section Using the Plain Signer, also apply to submitting JAR files. For examples, see Plain Signing.
Verifying a Signed JAR File
The Java jarsigner tool can be used to verify the signatures and certificates of JAR files. The tool is available in the Java Development Kit (JDK).
After installing the JDK, open a command prompt, and execute the command (as User) with the path to the signed file:
Jarsigner Verification Example
jarsigner -verify -strict MyJAR-signed.jar
To get additional information, as well as the certificates, also specify the options
JArchive Signer Options
The most relevant properties to configure for the JArchive Signer are:
The algorithm to use for the signature.
Algorithm for the digest of the file entries and the manifest.
True if existing signature files should be kept.
True if an existing signature with the same name should be overwritten and not fail with an error.
The type of signature name to use. With the type VALUE, the name is taken from the SIGNATURE_NAME_VALUE property. With the type KEYALIAS, the name is taken from the key alias of the key used to sign the response.
True if the offset at which each file entry's data starts should be aligned to 4 bytes. Use this for Android apps.
Worker ID or name of an internal time-stamp signer in the same SignServer, if time-stamping should be done with a time-stamp signer in SignServer.
URL of an external time-stamp authority, if time-stamping should be done with an external TSA.
For all available properties, refer to the SignServer documentation on JArchive Signer.
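Before choosing the options above for keeping or replacing existing signatures and for 4-byte alignment, it helps to see what a JAR already contains. The following Python sketch is an added example, not part of SignServer or its documentation: it lists the signature names present in META-INF/ and the entries whose data offset is not 4-byte aligned. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

BLOCK_EXTS = {"RSA", "DSA", "EC"}  # signature block files that pair with a .SF file

def signature_names(jar_bytes):
    """Map each signature name found directly in META-INF/ to its file extensions."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            upper = name.upper()
            rest = upper[len("META-INF/"):]
            if not upper.startswith("META-INF/") or "/" in rest:
                continue
            base, dot, ext = rest.rpartition(".")
            if dot and (ext == "SF" or ext in BLOCK_EXTS):
                found.setdefault(base, []).append(ext)
    return {base: sorted(exts) for base, exts in found.items()}

def unaligned_entries(jar_bytes, alignment=4):
    """Return names of entries whose data does not start at an aligned offset."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            # Local file header: 30 fixed bytes, then the file name and extra field.
            start = info.header_offset
            name_len, extra_len = struct.unpack("<HH", jar_bytes[start + 26:start + 30])
            if (start + 30 + name_len + extra_len) % alignment:
                bad.append(info.filename)
    return bad

def build_sample_jar():
    """Constructed sample: placeholder signature files, not a real signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        zf.writestr("META-INF/SIGNER.SF", "Signature-Version: 1.0\r\n\r\n")
        zf.writestr("META-INF/SIGNER.RSA", b"\x30\x00")
        zf.writestr("lib.so", b"\x7fELF")
        zf.writestr("a.txt", "data")
    return buf.getvalue()

if __name__ == "__main__":
    jar = build_sample_jar()
    print("signature names:", signature_names(jar))
    print("unaligned entries:", unaligned_entries(jar))
```

This only inspects the archive layout; it does not validate signatures or certificates, which is what jarsigner -verify is for.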