Frequently Asked Questions
- What is Jarsigner?
-
You can read more about this tool in the offical guide: jarsigner - JAR Signing and Verification Tool.
- Is it possible to sign a single archive file?
-
Signing or verifying a Java archive which is neither a project artifact nor an attached artifact can be done by using the
archive
parameter of thesign
andverify
goals. If this parameter is set, the goals will process the specified archive and will not process any project artifacts. - How can I unsign JARs before re-signing them with my key?
-
To remove any existing signatures from the JARs before signing with your own key, simply set the parameter
removeExistingSignatures
of thesign
mojo totrue
. The resulting JAR will then appear to be signed exactly once. - Why if I want to sign an artifact and then assembly there is some problem under windows?
-
To fix the problem, just move the assembly execution so it comes after the jarsigner execution in the pom.
The whole story of the problem can be found in MJARSIGNER-13 issue.