Signing jar from javafx ant task doesn't verify with jarsigner

Question

I'm having trouble signing my JavaFX application. I'm using the ant task as specified here:

  <fx:signjar destdir="${project.build.directory}/signed" verbose="true" keyStore="keystore/MyKey.p12"
            storePass="mypass" storeType="pkcs12" alias="myalias" keyPass="mypass">
      <fileset dir="${project.build.directory}" includes="${myApp.name}.jar"/>
  </fx:signjar>

However when I run jarsigner -verify on the signed jar, it says jar is unsigned. (signatures missing or not parsable).

Opening it up, I see a file META-INF/SIGNATURE.BSF, but I believe jarsigner is expecting:

• a signature file, with a .SF extension, and
• a signature block file, with a .DSA, .RSA, or .EC extension.

So, is the JavaFX sign task not creating a proper signed jar? Is BSF (Blob Signed Format?) a new format that my jarsigner not handling properly?

Answer 1

I had the same issue (although I'm using maven / javafx-maven-plugin; shouldn't make a difference). FX build tools signing seems broken at the moment, since as you noticed, jarsigner does not recognize the fact that the jar is signed, nor does the webstart launcher when running the deployed application.

I ended up signing my JavaFX application jars using a separate plugin (maven-jarsigner) in my build script.

I'd imagine you could use Ant's SignJar similarly.

See also this JavaFX JIRA issue, which is currently set to won't fix.