You can read more about this tool in the offical guide: jarsigner - JAR Signing and Verification Tool.
| [top] |
Signing or verifying a Java archive which is neither a project artifact
nor an attached artifact can be done by using the archive parameter
of the sign and verify goals. If
this parameter is set, the goals will process the specified archive and will not process any project
artifacts.
| [top] |
To remove any existing signatures from the JARs before signing with your own key, simply set the parameter
removeExistingSignatures of the
sign mojo to true. The resulting JAR will then appear
to be signed exactly once.
| [top] |
