Menu

Token Based JAR Signing - Windows

Jan 7, 2026

OVERVIEW: This page walks you through the process of token-based JAR Code Signing in Windows platform. At the completion of this procedure, you will be able to sign a JAR file in Windows platform. For more Code Signing guidelines, please refer to this page

 

SUGGESTION: Only if the timestamp trust chain does not validate, then import R6-R45 timestamp cross certificate in Java root CA certificate store. You can use this command line for the purpose: keytool -import -trustcacerts -alias myrootcert -file "C:\path\to\your\root_certificate.cer" -keystore "C:\path\to\your\cacerts"

 

 

Configuring your JDK

  1. Install the 32-bit JDK and locate the JDK bin folder. Note: The default location is "C:\Program Files (x86)\Java\jdk1.X.X_XXX\bin".

    Step 1.jpg

  2. Using notepad or notepad++, create a file named eToken.cfg in the bin folder with the following content as shown below.

    jartokenbased_2.jpg

  3. Save the eToken.cfg in the bin folder.

Windows JAR Signing

  1. Run the command prompt as administrator. Then navigate to the "jdkx.x.x_xxx\bin" directory where the JarSigner and KeyTool are located, as well as the eToken.cfg file you created.

    Windows JAR Signing jartokenbased_1.jpg

  2. Confirm your certificate alias with the following command: 
    keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg
    Enter your keystore passphrase (token password) when prompted.

  3. Sign the JAR file using the following command:
    jarsigner -keystore NONE -storetype PKCS11 -tsa http://timestamp.globalsign.com/tsa/r45standard -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg /directory/test.jar "certificateAlias"
    Enter your keystore passphrase (token password) when prompted. Then, wait for the output indicating "jar signed".

    Windows JAR Signing jartokenbased_3.jpg

  4. Verify the signature by using the following command:
    jarsigner -verify -verbose /directory/test.jar
    You should be getting an output similar to the image below with "jar verified" at the end.

    Windows JAR Signing jartokenbased_4.jpg

Related Articles

Code Signing Best Practices

Mar 2, 2020, 6:33 AM

GlobalSign recommends that developers follow best practices for the Code Signing process and for securely generating and storing private keys.

Read More

Order EV Code Signing Certificate (HSM-Based)

Mar 2, 2020, 6:51 AM

Read More

Download and Install Code Signing Certificate (HSM-Based)

Mar 2, 2020, 7:10 AM

This page walks you through the process of downloading and installing you GlobalSign Code Signing Certificate using HSM. At the completion of this procedure, your Certificate will be ready to place signatures on drivers, executables, and other files.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support