Signing Jar Files (converting pvk to p12)

We recently renewed our code signing certificate for signing Java applets. This is the first year we have had to renew it, and the process is a bit different from when we generated it. When we first received the key we did it with a CSR and the Java keytool, so when their renewal process had us generate a Microsoft Authenticode pvk private key, I was a bit confused as to what to do with it. It takes a bit of work to generate a PKCS12 file that Java's jarsigner can use, so I'm blogging this so I will remember what to do next year, and also to help out anyone else in this situation.

You will need two files:

  • pvk file (generated by IE, and stored in c:/mykey.pvk by default)
  • spc file (the cert)

Now, to generate a PKCS12 pfx file you need Microsoft's pvkimprt tool (if I could have found this tool sooner, I could have saved myself a lot of time playing with openssl and the ported pvk tool!). So install and run the tool:

pvkimprt c:/mycert.spc c:/mykey.pvk

Import it into your personal keystore, so we can export it as a pfx file:

  • Start-Run: mmc.exe
  • Add Snapin: Certificates
  • Properties: Add a friendly name to the cert (this will be the alias)
  • Export a pfx file

Now that you have your pfx file, you're going to need to (guess what) import and export it again. The docs state that the pfx file will only work on JDK 1.4; I had no luck, so I generated a p12 file as shown below.

  • Open up Netscape/Mozilla/Firefox Certificate Manager (Tools-Options-Advanced-Certificates in Firefox)
  • Import your pfx file
  • Export a p12 file

And after that process you will have a certificate you can use to sign jar files, and possibly start your own import/export business.
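Before pointing jarsigner at the exported file, it helps to confirm that the private key, the friendly-name alias and the issuer chain all survived the import/export round trips. The script below is an added example, not part of the original post: it checks `keytool -list -v` output for exactly that. The function name, the sample listings and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an exported .p12
# before pointing jarsigner or Ant at it.

# Reads `keytool -list -v` output on stdin; $1 is the alias you expect
# (the friendly name set in mmc). Aliases are compared case-insensitively.
# Exit 0 = usable, 1 = alias or private key missing, 2 = no issuer chain.
check_listing() {
  awk -v want="$1" '
    { sub(/\r$/, "") }                       # tolerate CRLF from Windows consoles
    /^Alias name: /  { cur = tolower(substr($0, 13)); next }
    cur != tolower(want) { next }            # only look at the wanted entry
    /^Entry type: /  { type = substr($0, 13) }
    /^Certificate chain length: / { chain = substr($0, 27) + 0 }
    END {
      if (type == "") { print "FAIL: alias not found"; exit 1 }
      if (type != "PrivateKeyEntry") { print "FAIL: no private key (" type ")"; exit 1 }
      if (chain < 2) { print "WARN: issuer certificates missing from chain"; exit 2 }
      print "OK: private key with chain of " chain
    }'
}

# Constructed sample of a good export (values made up for illustration).
SAMPLE_OK='Keystore type: PKCS12

Alias name: your alias
Entry type: PrivateKeyEntry
Certificate chain length: 3'

# Constructed sample of an export where only the certificate came through.
SAMPLE_BAD='Alias name: your alias
Entry type: trustedCertEntry'

# With arguments, check a real file: sh checkp12.sh yourkey.p12 "Your Alias"
# keytool asks for the store password; -J-Duser.language=en keeps labels English.
if [ "$#" -ge 2 ]; then
  keytool -J-Duser.language=en -list -v -storetype pkcs12 -keystore "$1" |
    check_listing "$2"
else
  printf '%s\n' "$SAMPLE_OK" | check_listing "Your Alias"
  printf '%s\n' "$SAMPLE_BAD" | check_listing "Your Alias" || true
fi
```

Once the jar is signed, `jarsigner -verify -verbose -certs` on the output shows which certificate chain ended up in the signature.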

Here's the KB article from Thawte that, had I been able to find it on my own, would have saved me lots of time: http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs26925

And here's the ant task I use to sign jar files:

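<target name="signjar" depends="jar">
  <!-- Prompt for the keystore password at build time so it is never stored
       in the build file. Ant's default input handler echoes what is typed. -->
  <input
    message="Please enter keystore password:"
    addproperty="keypass" />

  <!-- alias must match the friendly name given to the cert before export -->
  <signjar jar="${lib}/yourJar.jar" storetype="pkcs12"
    keystore="${keystore}/yourkey.p12" alias="Your Alias"
    storepass="${keypass}"/>
</target>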

This process should be a lot easier; I always hate dealing with certificates. I must say, however, that aside from having a name I can neither pronounce nor spell consistently, Thawte has always been helpful when I contact them.
