I have created a Java application & bundled it in Jar file.
After that I have create exe with JSmooth & signed it. Its working perfectly fine. But now I want to switch from Jsmooth to Launch4j, this also creating exe like Jsmooth. The exe is working fine, but after signing with Signtool, its shows me error about INVALID Jar. So what should I do ?
Please suggest me, I am using following batch file to sign the exe.
signtool.exe sign /f SignCode\LM.p12 /p %StorePass% /v /t %TimeURL% "%File1%"
signtool.exe verify /v /a "%File1%"
Thanks in advance,
Did you ever find an answer to this? I'm having the exact same problem.
Actually, it is possible to sign a wrapped jar file with a little bit of work.
The final file format will be the header+jar+footer where the header is the launch4j.exe, the jar is really just a zip, and the footer is the signtool authenticode signature.
Since the zip format allows for a comment to be included at the end of the central directory record, up to 65535 bytes can occur after the jar which should be enough for the signature.
Steps to perform:
1. Use launch4j to wrap test.jar to test.exe
2. Create a copy of test.exe named test-sign.exe
3. Use signtool to sign test-sign.exe
4. Find the size of the signature in bytes i.e. sizeInBytesOf(test-sign.exe) - sizeInBytesOf(test.exe)
5. Edit test.exe with favorite HEX editor to change last two bytes of exe i.e. the jar i.e. the zip end of central directory to the size using littleendian byte order and save
6. Use signtool to sign test.exe
7. Verify test.exe signature
I can confirm the hack from rrische.
With a custom ant-task this can be done in a build-enviroment.