Java Code Signer Integration Guide
This guide demonstrates to Administrators how to sign Java artifacts using an encryption key generated on an HSM.
Java code signing is used for signing Java applications for desktops, digitally signing .jar files and Netscape Object signing recognized by Java Runtime Environment (JRE). In Java, the process for setting up your Code Signing Certificate consists of creating a keystore and a Certificate Signing Request (CSR) and then, installing your code signing certificate file to the keystore where the CSR was generated.
The Java platform enables one to digitally sign .jar files. The signer signs the .jar file using a private key. The corresponding public key is placed in the .jar file with its certificate, so that it is available for use by anyone who has access to the key. When the .jar file is signed, the user can timestamp the signature.
This guide demonstrates how to complete Java code signing using a signing key generated on an HSM on Demand Service.
Using an HSM on Demand Service to generate the RSA keys for Java code signing provides the following benefits:
>secure generation, storage, and protection of the signing private keys on FIPS 140-2 level 3 validated hardware.
>full life cycle management of the keys.
>improved performance by off-loading cryptographic operations from the signing servers.
This document contains the following sections:
Third Party Application Details
This integration guide uses the following third party applications:
>Java JDK 8
The following platforms are tested with SafeNet Data Protection On Demand:
|RHEL 64-bit||JDK 8|
|Windows Server 2016||JDK 8|