Sign a launch4j executable in ant with sign4j and jsign

Question

I have an application in a Jar and I wrap it in a exe with launch4j so is easy for the user to launch it (in windows). I have a certificate, so I sign the jar (I don\'t know

Answer 1

I use ant target as below to sign exe generated out of a jar file

<target name="signexe" depends="createExe" description="Signing Exe">
   <exec executable="C:\Tools\Launch4j\sign4j\sign4j.exe">
        <arg line="java -jar C:\3rdParty\jsign\jsign-3.1.jar
        --keystore ${keystore.location} --alias ${key.alias} --storepass ${store.password}
        --name 'Application Name'
        --tsaurl http://timestamp.verisign.com/scripts/timstamp.dll
         AppLauncher.exe"/>
    </exec>
</target>

Answer 2

What I have found is that you must execute the sign4j command with the signing command as its argument. Something like:

sign4j jsign -s keyfile.p12 -a "(codesign_1091_es_sw_kpsc)" --storepass AVERYGOODPASSWORD --storetype pkcs12 -n MyProgram -u https://www.example.com MyProgram.exe

So, to integrate it into ant, you need to create an exec task. For example, something like:

<exec executable="sign4j">
  <arg line="java -jar jsign-1.2.jar -s ${key.file} -a ${key.alias} --storepass ${key.password} --storetype pkcs12 ${exe.location}"/>
</exec>

It works also with other signing tools like for example authenticode from Microsoft, too ...

<exec executable="launch4j/sign4j/sign4j.exe">
    <arg line="signtool.exe sign /fd SHA256 /f mycert.pfx /p foobar /t http://timestamp.verisign.com/scripts/timstamp.dll dist\myapp.exe"/>
</exec>