Resignator

Resignator is a GUI for signing Java apps. It's a front-end to the command line keytool interface packaged with JDKs.  The full source code is available at Git Hub here.

I use Resignator for two use cases.  Sometimes, I have a folder of unsigned third-party JAR files that I need to sign.  I create a pair of folders "signed" and "unsigned".  I add the JARs to the unsigned folder and run Resignator.  The signed files gather in the signed folder.

The second use case involves working with third-party JARs that are updated frequently.  These JARs aren't part of my build process, so they don't get the jarsigner treatment in my Maven files.  When I get an updated JAR -- say a SNAPSHOT build -- I put it into a known location and run Resignator.  Resignator puts the signed JAR in the target folder.

In the past, I've used Ant scripts to do this type of JAR signing.  I think you'll find this more productive because of all your signing operations will be just a click away.  You won't have to go to the command line and maintain a set of scripts.

System Requirements

Resignator works on Windows, Mac, and Linux running a JRE of 1.8.0_40 or later.  A JDK (not just a JRE) is needed to provide the keytool and jarsigner commands.  This JDK does not have to match the JRE.

Start

To start the app, visit the JNLP link on the Resignator web site.

When starting the app the first time, you'll be prompted to enter a password.  Because Resignator saves keystore and key passwords, the underlying datastore needs to be encrypted.  Once logged in, you can change this password at any time from the File > Change Password command.

Enter New Password on First Run

Subsequent starts will prompt you for this password. This password is not recoverable and if it is lost, you'll need to reset your installation, losing any saved data.

Password Screen for Returning Users

Configuration

Resignator uses the keytool and jarsigner commands shipped with Java Development Kits (JDK).  Once logged in, navigate to File > Settings and enter the value of the JDK_HOME.  This should not include any /bin or /lib terminal path elements.

Configuring the App to Use a JDK

Profiles

A Profile is a set of code signing operands paired with a jarsigner configuration.  The operands are the source and target JAR files and a setting for replacing the existing signatures in the source JAR.  The jarsigner configuration is a keystore and key alias specification with credentials.  The following shows the main Resignator screen working with a profile "Javaassist".

 
Main Screen with Profile "Guava" Loaded

There are two types of Profiles: Jar and Folder.  "Jar" is for a single artifact, signing a single JAR and either copying or overwriting the result to a target.  "Folder" is for a group of artifacts.  It's used for a bulk signing operation.

Loading

Using the Browse buttons, select a Source JAR and a Target JAR.  Alternatively, you can set the Target JAR field by pressing the Copy button which will place the contents of the Source JAR field into the Target JAR field.  Both fields can be editted after an initial browse, though both must point to a valid path.

Profiles can also be loaded form the File > Recent Profiles command.

Saving

Save the Profile by executing the File > Save Profile command.  If the Profile already exists, you have the option to save the Profile under a different name using the File > Save As Profile command.

At any point in working with the Profile, you can configure the jarsigner command.  Press the Configure button to bring up the Jarsigner Config screen.

 
Jarsigner Config Screen

Modifications to the Jarsigner Config are not saved automatically when the window is closed.  They are saved along with the Profile using the File > Save Profile or File > Save as Profile commands.

The fields on Jarsigner Config are the parameters for a jarsigner command.  Proceed through the form from top to bottom so that the keystore and storepass will drive a drop-down list of Alias in the keystore.  Enter the Storepass and Confirm Storepass.  Press enter when finished putting the password in Confirm Storepass.

Signing

Pressing the Sign button with a valid Profile will unpack the contents of the JAR, optionally remove any previous signatures, then sign the JAR using jarsigner.  The following screenshot shows the Sign command run on a JAR with the "Replace existing signatures" option checked.

 
Guava JAR Signed

Customization

The presentation can be customized by toggling the Console and the Profile Browser sections using the checkboxes in the View menu.

You can view an About screen with release information from Help > About.  This help web page is accessed from Help > Help.

Maintenance

The password for the app's data file can be changed using the File > Change Password command.

If you don't remember your password, you can reset the application by removing the .resignator folder in your home directory.  This will delete only the Profiles.  No JARs or keystores will be deleted (unless they were deliberlately copied to this hidden folder).

Support

This tool is provided as-is with no warranty.  However, if you find bugs or have feature ideas, they will be addressed as time allows.  Send requests to email to resignator@bekwam.com.

The full source code is availble on GitHub here.