You can read more about this tool in the offical guide: jarsigner - JAR Signing and Verification Tool.
Signing or verifying a Java archive which is neither a project artifact
nor an attached artifact can be done by using the
verify goals. If
this parameter is set, the goals will process the specified archive and will not process any project
To remove any existing signatures from the JARs before signing with your own key, simply set the parameter
removeExistingSignatures of the
sign mojo to
true. The resulting JAR will then appear
to be signed exactly once.