I have a self-signed root certificate with just the code signing extension (no other extensions) in my Mac keychain; I use it to sign all code coming out of ∞labs using Apple's codesign tool and it works great.
I was looking to expand myself a little and doing some Java development. I know Apple provides a KeyStore implementation that reads from the Keychain, and I can list all certificates I have in the 'chain with:
keytool -list -provider com.apple.crypto.provider.Apple -storetype KeychainStore -keystore NONE -v
However, whenever I try to use jarsigner to sign a simple test JAR file, I end up with:
$ jarsigner -keystore NONE -storetype KeychainStore -providerName Apple a.jar infinitelabs_codesigning_2
Enter Passphrase for keystore: <omitted>
jarsigner: Certificate chain not found for: infinitelabs_codesigning_2. infinitelabs_codesigning_2 must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
What am I doing wrong?
(The certificate was created following Apple's instructions for obtaining a signing identity.)
In the Keychain Access app on your Mac, select a keychain from one of the keychains lists, then double-click a certificate. Next to Trust, click the arrow to display the trust policies for the certificate. To override the trust policies, choose new trust settings from the pop-up menus.
In macOS, certificates are part of your digital identity and are stored in your keychain. Keychain Access lets you manage your certificates and keychains. Certificates are issued by trusted organizations, such as VeriSign, Inc., or RSA Data Security, Inc.
I think that your keystore entry alias must be wrong. Are you using the alias name of a keystore object with an entry type of "keyEntry"? The same command works perfectly for me.
From the jarsigner man page:
When using jarsigner to sign a JAR file, you must specify the alias for the keystore entry containing the private key needed to generate the signature.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With