Eclipse
A BlackVault can be used to sign projects developed within an Eclipse environment. This example is how to sign a Java build from a client machine that has already been configured to use the Black Vault libraries.
Important: Verify that the pkcs.dat file is in the Eclipse project file. If it is not present, signing fails. Make sure that the pkcs.dat file contains the correct IP address and TLS port for the Black Vault.
- Log into the Black Vault as User operator.
- Verify that a key exists. From the Home screen > Information > List Keys
- If no key is available, A new key needs to be generated on the Black Vault with the Java keytool.
- Open a command prompt window.
- Use the following command:
keytool -genkeypair -keystore NONE -storepass 2222 -storetype PKCS11 -alias “RSAkey” -keyalg “RSA” -keysize “2048” -dsname “CN=Bob Joe, OU=Development, O=Engage Communication Inc., L=Aptos, S=California, C=US”
- Create a file called build.xml with the following information; and substitute attributes as appropriate.
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<project default="create_run_jar" name="Create Runnable Jar for Project Hello">
<!--this file was created by Eclipse Runnable JAR Export Wizard-->
<!--ANT 1.7 is required -->
<target name="create_run_jar">
<jar destfile="/home/user/Desktop/Hello.jar" filesetmanifest="mergewithoutmain">
<manifest>
<attribute name="Main-Class" value="Hello"/>
<attribute name="Class-Path" value="."/>
</manifest>
<fileset dir="/home/user/workspace/Hello/bin"/>
</jar>
<signjar jar="/home/user/Desktop/Hello.jar" alias="RSAKey" keystore ="NONE" storetype="PKCS11" storepass="2222"/>
<java jar="/home/user/Desktop/Hello.jar" fork="true"/>
</target>
</project>
- Either open an existing project, or create a new project
- Click the dropdown menu next to the custom builds button. Select External Tools Configurations.
- Right-click Ant Build, and then select New.
- In the buildfile location field, click browse filesystem for build file you just created (build.xml)
- In the base directory location field, click browse workspace and selcet the project folder (this is where pkcs.dat should live)
- Verify that the signing happened correctly. From a command prompt window, enter:
jarsigner -verify -verbose -certs <jarfilename>.jar
- If it is successful it will give the certificates used in signing the jar. It will also at the end state:
“jar verified”
- If it is unsuccessful the command will output:
“jar is unsigned. (signatures missing or not parsable)”
- If it is successful it will give the certificates used in signing the jar. It will also at the end state: