The Java Archive (JAR) package format can be used for packaging Java applications and libraries.

The format is also used for related technologies, such as Java Applets and Web Start applications, and for technologies such as Android apps and for plugins to different applications etc.

Signed JAR files can optionally include a time-stamp response from a TSA using the RFC#3161 format.

Adding a JAR Signer

The JAR signer in SignServer is called JArchive Signer.

To add a JArchive Signer follow the steps described in the Adding a Plain Signer section but use the template called

Using the JArchive Signer

The different methods for submitting a file to be signed described in the section Using the Plain Signer apply for submitting JAR files. For examples, see Plain Signing.

Verifying a Signed JAR File

The Java jarsigner tool can be used to verify the signatures and certificates of JAR files. The tool is available in the Java Development Kit (JDK).

After installing the JDK, open a command prompt, and execute the command (as User) with the path to the signed file:

Jarsigner Verification Example

jarsigner -verify -strict MyJAR-signed.jar  

To get additional information, as well as the certificates, also specify the options -verbose and -certs.

JArchive Signer Options

The most relevant properties to configure for the JArchive Signer are:

Worker Property



Specifying the algorithm used to use for the signature.

Example: SHA256withRSA


Algorithm for the digest of the file entries and the manifest.

Example: SHA-256


True if existing signature files should be kept.


True if an existing signature with the same name should be overwritten and not fail with an error.


The type of signature name to use. With the type VALUE, the name is taken from the SIGNATURE_NAME_VALUE property. With the type KEYALIAS, the name is taken from the key alias of the key used to sign the response.


True if the offset at which each file entry's data starts should be aligned to 4 bytes. Use this for Android apps.


Worker ID or name of internal timestamp signer in the same SignServer if time-stamping should be used and with a time-stamp signer in SignServer.
Example: TimeStampSigner1


URL of external timestamp authority if time-stamping should be used and with an external TSA.

For all available properties, refer to the SignServer documentation on JArchive Signer.