Code Signing *.jars using DoD PKI Hard token
I am at my wits end and will try Experts Exchange for once. Is there any guidance on how to code sign *.jar files using DoD PKI hard card. The Code Signing certificate is embedded in the card once I get it, however, how do I use the card to sign my *.jar files?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
maybe of interest - see "Java Keystore". it uses jarsigner and pfx to sign .jar file. however, CAC (or smart card) is not supposed to have private key exported hence you will not have pfx.
http://www.ewert-technologies.ca/blog/articles/cross-platform-code-signing
challenge is how to create and link the keystore used for signing to CAC.
there is an old article series (see pg1,2 and 3) on smart card in general using pkcs#11 which you should take a look first for general smartcard
Pg1-http://www.developer.com/java/other/article.php/3587361/Java-Applet-for-Signing-with-a-Smart-Card.htm
Pg2-http://www.developer.com/java/other/article.php/10936_3587361_2/Java-Applet-for-Signing-with-a-Smart-Card.htm
pg3-http://www.developer.com/java/other/article.php/10936_3587361_3/Java-Applet-for-Signing-with-a-Smart-Card.htm
Specifically the pkcs#11 is using Sun java library seems to be the common way for java. Closest I can find for such java codes (2 links) to CAC are stated below which can be useful ref.
//Create our certificates from our CAC Card
String configName = "card.config";
Provider p = new sun.security.pkcs11.SunPKC
Security.addProvider(p);
http://stackoverflow.com/questions/752890/how-to-connect-to-https-server-using-common-access-card/753129#753129
http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java
You can check this out this section "Signing and Verification with the On-Card Certificate" for the signing as well, but it will be rather similar as above (pg1-3) links
http://rostislav-matl.blogspot.sg/2012/04/using-smart-card-as-keystore-in-java.html
Hope it helps...Personally never done that ....
http://www.ewert-technologies.ca/blog/articles/cross-platform-code-signing
challenge is how to create and link the keystore used for signing to CAC.
there is an old article series (see pg1,2 and 3) on smart card in general using pkcs#11 which you should take a look first for general smartcard
Pg1-http://www.developer.com/java/other/article.php/3587361/Java-Applet-for-Signing-with-a-Smart-Card.htm
Pg2-http://www.developer.com/java/other/article.php/10936_3587361_2/Java-Applet-for-Signing-with-a-Smart-Card.htm
pg3-http://www.developer.com/java/other/article.php/10936_3587361_3/Java-Applet-for-Signing-with-a-Smart-Card.htm
Specifically the pkcs#11 is using Sun java library seems to be the common way for java. Closest I can find for such java codes (2 links) to CAC are stated below which can be useful ref.
//Create our certificates from our CAC Card
String configName = "card.config";
Provider p = new sun.security.pkcs11.SunPKC
Security.addProvider(p);
http://stackoverflow.com/questions/752890/how-to-connect-to-https-server-using-common-access-card/753129#753129
http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java
You can check this out this section "Signing and Verification with the On-Card Certificate" for the signing as well, but it will be rather similar as above (pg1-3) links
http://rostislav-matl.blogspot.sg/2012/04/using-smart-card-as-keystore-in-java.html
Hope it helps...Personally never done that ....
btan answers how to use java to sign a document or similar, but I think the actual question is, how to sign a *.jar file (e.g. a Java applet) using a code signing certificate stored on a smartcard.
Maybe this will help:
https://stackoverflow.com/
Maybe this will help:
https://stackoverflow.com/
Premium Content
You need an Expert Office subscription to comment.Start Free Trial