.png){kind=logo}
Using the Jarsigner plugin for Jarsigner plugin for Apache Maven, the Signum Linux Agent can sign artifacts during packaging.
Prerequisites
-
Signum Linux Agent installed.
-
Java JDK installed (or install keytool separately)
-
Maven installed
List Key Objects
Use the keytool command to list the keys from the Keyfactor Signum PKCS#11 provider:
keytool -list -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ~/keyfactorpkcs11.cfg -storepass NONE
The output shows the certificate information:
Keystore type: PKCS11
Keystore provider: SunPKCS11-KeyfactorPKCS11
Your keystore contains 1 entry
3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 97:58:8B:1B:C4:D5:19:3C:C6:5F:3F:4A:73:11:53:17:98:D4:A7:E9:FD:A3:3D:88:B0:9F:09:EB:77:D9:23:F0
Configure
Using the keystore certificate, add the certificate information to the pom.xml configuration:
<configuration>
<keystore>NONE</keystore>
<alias>3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate</alias>
<storepass>NONE</storepass>
<providerClass>sun.security.pkcs11.SunPKCS11</providerClass>
<storetype>PKCS11</storetype>
<providerArg>~/keyfactorpkcs11.cfg</providerArg>
<tsa>http://some-tsa-example</tsa>
</configuration>