7

I have an application in a Jar and I wrap it in a exe with launch4j so is easy for the user to launch it (in windows). I have a certificate, so I sign the jar (I don't know if this is really necessary because it will be wrapped inside the exe) and I want to sign the exe but it corrupt the executable.

I use ant to make all the process and look like:

<signjar jar="${jar.location}" alias="${key.alias}" storetype="pkcs12" keystore="${key.file}" storepass="${key.password}" tsaurl="https://timestamp.geotrust.com/tsa" />

<launch4j configFile="launch4j_configuration.xml" fileversion="${version}.0" txtfileversion="${build}" productversion="${version}.0" txtproductversion="${build}" outfile="${exe.location}" jar="${jar.location}" />

<signexe file="${exe.location}" alias="${key.alias}" storetype="pkcs12" keystore="${key.file}" storepass="${key.password}" tsaurl="http://timestamp.verisign.com/scripts/timstamp.dll" />

I have found that is because when you sign the exe it broke the jar structure or something like this. But what I have also seen is that inside the launch4j folder is a sign4j folder that contains what I think is a program that solve this problem.

My problem now is how is used this program? And how can I integrate it in the ant script to sign the exe?

The README.txt file in the folder doesn't helped to me. Sorry if this so obvious but isn't clear for me. Also note that I'm using Ubuntu.

PhoneixS
  • 10,574
  • 6
  • 57
  • 73

3 Answers3

8

What I have found is that you must execute the sign4j command with the signing command as its argument. Something like:

sign4j jsign -s keyfile.p12 -a "(codesign_1091_es_sw_kpsc)" --storepass AVERYGOODPASSWORD --storetype pkcs12 -n MyProgram -u https://www.example.com MyProgram.exe

So, to integrate it into ant, you need to create an exec task. For example, something like:

<exec executable="sign4j">
  <arg line="java -jar jsign-1.2.jar -s ${key.file} -a ${key.alias} --storepass ${key.password} --storetype pkcs12 ${exe.location}"/>
</exec>

It works also with other signing tools like for example authenticode from Microsoft, too ...

<exec executable="launch4j/sign4j/sign4j.exe">
    <arg line="signtool.exe sign /fd SHA256 /f mycert.pfx /p foobar /t http://timestamp.verisign.com/scripts/timstamp.dll dist\myapp.exe"/>
</exec>
Jörg
  • 2,434
  • 23
  • 37
PhoneixS
  • 10,574
  • 6
  • 57
  • 73
  • Could you please explain me step by step how should sign an exe file produced by launch4j. I have never used signj4 before. Thanks! – Tulsi Mar 21 '17 at 11:39
  • @Tulsi Read the [Readme.txt](https://sourceforge.net/p/launch4j/git/ci/master/tree/sign4j/README.txt). As mentioned you should use an external command to sign it (in my case jsign). Simply call sign4j with the full jsign command. Use mine (the first code in the answer) as an example. – PhoneixS Mar 21 '17 at 12:39
  • Hi, I am using maven with launch4j maven plugin, can you guide how to do this with maven launch4j plugin – Mubasher Jul 02 '19 at 13:31
  • Sorry @Mubasher, but I didn't do it with so I don't know how to do it. I recommend you to ask your own question, sure there would be people who know how to do it. – PhoneixS Jul 02 '19 at 16:46
0

I use ant target as below to sign exe generated out of a jar file

<target name="signexe" depends="createExe" description="Signing Exe">
   <exec executable="C:\Tools\Launch4j\sign4j\sign4j.exe">
        <arg line="java -jar C:\3rdParty\jsign\jsign-3.1.jar
        --keystore ${keystore.location} --alias ${key.alias} --storepass ${store.password}
        --name 'Application Name'
        --tsaurl http://timestamp.verisign.com/scripts/timstamp.dll
         AppLauncher.exe"/>
    </exec>
</target>
Naveen H
  • 1
0

This issue can be solved by setting the main class in the launch4j configuration:

<classPath>
  <mainClass>org.acme.Main</mainClass>
</classPath>

See the related Jsign issue for more info: https://github.com/ebourg/jsign/issues/80

Emmanuel Bourg
  • 9,601
  • 3
  • 48
  • 76