Closed ymschaap closed 4 years ago
I guess you've figured out how to solve this since you closed it. I'd like to document how to use various hardware tokens with jsign, so if you want to share how you did it, I'm interested.
Sure! I made it work, happy to provide details. It more or less uses the files from this gist.
My case and solution:
I have an Electron app, and create a macOS and Windows build. To resolve the Windows Defender warning for the .exe file build, I bought an EV code signing certificate.
This came as a SafeNet eToken 5100, a hardware USB stick. I also retrieved a password (by email) which is the storepass value.
Setup:
Test:
keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg ./hardwareToken.cfg
Should return the alias of the cert. It will fail if library is set wrong.
Build & sign:
electron-builder
creates the binaries. This is my jsign command:
java -jar ./jsign-3.1.jar --keystore ./hardwareToken.cfg --storepass 'xxxxxx' --storetype PKCS11 --tsaurl http://timestamp.globalsign.com/scripts/timestamp.dll --alias 'xxxxxx' ${configuration.path}
Which is run by Node post-build:
require("child_process").execSync(command);
Note: I opened this ticket because I used double quotes instead of single quotes for the --storepass, and then it fails with CKR_PIN_INCORRECT.
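An added example (not part of the original comment and not jsign's own code) showing one way to avoid the quoting problem described above: pass the jsign arguments as an array to `execFileSync`, so no shell ever parses the PIN, and read the PIN from the environment instead of embedding it in the build script. It assumes the failure came from the shell rewriting characters such as `$` inside double quotes; `JSIGN_STOREPASS` and `JSIGN_ALIAS` are hypothetical variable names.

```javascript
const { execFileSync } = require("child_process");

// Build the jsign argument vector with the flags from the command above.
// Each array element reaches java as one argument, so no quoting is needed.
function buildJsignArgs({ jar, keystoreCfg, storepass, alias, tsaUrl, file }) {
  const required = { jar, keystoreCfg, storepass, alias, file };
  for (const [name, value] of Object.entries(required)) {
    if (typeof value !== "string" || value.length === 0) {
      throw new Error(`missing value for ${name}`);
    }
  }
  const args = ["-jar", jar, "--keystore", keystoreCfg,
                "--storepass", storepass, "--storetype", "PKCS11"];
  if (tsaUrl) args.push("--tsaurl", tsaUrl);
  args.push("--alias", alias, file);
  return args;
}

// Pass a value to a child Node process without a shell and return what the
// child received as its argument, to confirm it arrives unchanged.
function argvRoundTrip(value) {
  return execFileSync(
    process.execPath,
    ["-e", "process.stdout.write(process.argv[1])", value],
    { encoding: "utf8" }
  );
}

// Sign one file. JSIGN_STOREPASS and JSIGN_ALIAS are hypothetical variable
// names; the jar and config paths are the ones used in the comment above.
function signWithJsign(file, env = process.env) {
  const args = buildJsignArgs({
    jar: "./jsign-3.1.jar",
    keystoreCfg: "./hardwareToken.cfg",
    storepass: env.JSIGN_STOREPASS,
    alias: env.JSIGN_ALIAS,
    tsaUrl: "http://timestamp.globalsign.com/scripts/timestamp.dll",
    file,
  });
  execFileSync("java", args, { stdio: "inherit" });
}

module.exports = { buildJsignArgs, argvRoundTrip, signWithJsign };
```

The PIN is still visible in the process list while java runs, so this belongs on a build machine where other local users cannot inspect processes.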
Nice, thank you!