What is Jarsigner?

You can read more about this tool in the offical guide: jarsigner - JAR Signing and Verification Tool.

[top]

Is it possible to sign a single archive file?

Signing or verifying a Java archive which is neither a project artifact nor an attached artifact can be done by using the archive parameter of the sign and verify goals. If this parameter is set, the goals will process the specified archive and will not process any project artifacts.

[top]

How can I unsign JARs before re-signing them with my key?

To remove any existing signatures from the JARs before signing with your own key, simply set the parameter removeExistingSignatures of the sign mojo to true. The resulting JAR will then appear to be signed exactly once.

[top]