Sign and verify a project

To sign a project artifact together with all of its attached artifacts, and to verify the signatures afterwards, configure the sign and verify goals in your pom.xml. Signing then runs automatically during the package phase and verification runs during the verify phase.

<project>
  ...
  <build>
    <plugins>
      ...
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-jarsigner-plugin</artifactId>
        <version>3.0.0</version>
        <executions>
          <execution>
            <id>sign</id>
            <goals>
              <goal>sign</goal>
            </goals>
          </execution>
          <execution>
            <id>verify</id>
            <goals>
              <goal>verify</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      ...
    </plugins>
  </build>
  ...
</project>

Note: The sign goal requires at least the alias to use for signing. When the alias is not configured in the POM, it can be passed on the command line, for example -Djarsigner.alias="Alias Name", or set as a property in the settings.xml file.
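
The settings.xml route from the note above, as an added example (not taken from the plugin's own documentation). The profile id, alias, keystore path and the JARSIGNER_STOREPASS environment variable are placeholders; jarsigner.keystore and jarsigner.storepass are the plugin's user properties for the keystore location and its password, which keeps both out of the shared POM.

```xml
<settings>
  <profiles>
    <profile>
      <!-- Placeholder profile id -->
      <id>artifact-signing</id>
      <properties>
        <!-- Alias of the signing key inside the keystore (placeholder value) -->
        <jarsigner.alias>Alias Name</jarsigner.alias>
        <!-- Keystore location on the build machine (placeholder path) -->
        <jarsigner.keystore>/path/to/signing-keystore.jks</jarsigner.keystore>
        <!-- Password is read from the environment rather than stored in the file;
             the variable name is an assumption of this example -->
        <jarsigner.storepass>${env.JARSIGNER_STOREPASS}</jarsigner.storepass>
      </properties>
    </profile>
  </profiles>

  <!-- Activate the profile so the properties are visible to every build -->
  <activeProfiles>
    <activeProfile>artifact-signing</activeProfile>
  </activeProfiles>
</settings>
```

With this in place, mvn verify signs during package and checks the signatures during verify without any signing parameters on the command line.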