Using Signum with Maven
Using the Jarsigner plugin for Maven https://maven.apache.org/plugins/maven-jarsigner-plugin/usage.html it is possible to sign artifacts during packaging using the Signum Linux Agent.
List Keys
With the agent installed and a user logged in run keytool to list key objects.
keytool -list -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ~/keyfactorpkcs11.cfg -storepass NONE
Will return objects like:
Keystore type: PKCS11
Keystore provider: SunPKCS11-KeyfactorPKCS11
Your keystore contains 1 entry
3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 97:58:8B:1B:C4:D5:19:3C:C6:5F:3F:4A:73:11:53:17:98:D4:A7:E9:FD:A3:3D:88:B0:9F:09:EB:77:D9:23:F0
Configuration
In the pom.xml configuration use:
<configuration>
<keystore>NONE</keystore>
<alias>3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate</alias>
<storepass>NONE</storepass>
<providerClass>sun.security.pkcs11.SunPKCS11</providerClass>
<storetype>PKCS11</storetype>
<providerArg>~/keyfactorpkcs11.cfg</providerArg>
<tsa>http://some-tsa-example</tsa>
</configuration>