Skip to content

@ebourg ebourg released this Aug 9, 2021

  • MS Cabinet signing has been implemented (contributed by Joseph Lee)
  • Signatures can be detached and re-attached to make the builds reproducible without access to the private key
  • The new YUBIKEY storetype can be specified to sign with a YubiKey (the SunPKCS11 provider is automatically configured)
  • The Azure Key Vault, DigiCert ONE and Google Cloud KMS cloud key management systems have been integrated
  • The Maven plugin can now sign multiple files by defining a fileset (contributed by Bernhard Stiftner).
  • The command line tool can now sign multiple files
  • The alias parameter is now optional if the keystore contains only one entry (contributed by Michele Locati)
  • The keystore aliases are now listed in the error message if the alias specified is incorrect
  • The storetype parameter is no longer required for JCEKS keystores
  • Fixed the update of the PE checksum (contributed by Markus Kilås)
  • The CMSAlgorithmProtection attribute is no longer added to the signature (contributed by Yegor Yarko)
  • The signature algorithm is identified as RSA instead of sha*RSA when using SHA-2 digests (contributed by Yegor Yarko)
  • Upgraded BouncyCastle to 1.69
Assets 6

@ebourg ebourg released this Feb 29, 2020

  • Certificate files can now be used with a PKCS11 token to support OpenPGP cards unable to hold a whole certificate chain (contributed by Erwin Tratar)
  • Fixed an IllegalArgumentException when parsing large entries of MSI files
Assets 6

@ebourg ebourg released this Jan 7, 2020

  • Jsign now requires Java 8 or higher
  • MSI signing has been implemented
  • Script signing has been implemented: PowerShell (contributed by Björn Kautler), VBScript, JScript and WSF
  • The Maven plugin now uses the proxy defined in the Maven settings for the timestamping (contributed by Denny Bayer)
  • The Maven plugin now accepts passwords encrypted using the Maven security settings (contributed by Denny Bayer)
  • The Maven plugin is now bound by default to the package phase
  • The timestamping is no longer enabled by default with the Maven plugin
  • Renamed the command line tool from pesign to jsign
  • Renamed the Ant task and the Gradle extension method from signexe to jsign
  • SOCKS proxies are now supported
  • Fixed the invalid SHA-512 signatures (contributed by Markus Kilås)
  • The non-timestamped signatures are now reproducible (the signingTime attribute has been removed)
  • Upgraded BouncyCastle to 1.64
Assets 5

@ebourg ebourg released this Oct 8, 2018

  • Fixed the loading of SunPKCS11 configuration files with Java 9
  • SunPKCS11 configuration files can be loaded from any directory
  • Maven plugin settings can now be passed on the command line (contributed by Nicolas Roduit)
  • The first timestamping authority specified is no longer skipped (contributed by Thomas Atzmueller)
  • Fixed the typo on the withTimestampingAuthority() methods in PESigner (contributed by Bjørn Madsen)
  • Upgraded BouncyCastle to 1.60
Assets 5

@ebourg ebourg released this Jun 12, 2017

  • Jsign now requires Java 7 or higher
  • Multiple signatures are now supported. New signatures can replace or be added to the previous ones.
  • PKCS#11 hardware tokens are now supported.
  • The signature algorithm can now be specified independently of the digest algorithm (contributed by Markus Kilås)
  • Timestamping is attempted 3 times by default with a 10 seconds pause if an exception occurs (contributed by Erwin Tratar)
  • Timestamping can now fail over to other services
  • Private keys in PEM format are now supported (PKCS#1 and PKCS#8, encrypted or not)
  • Upgraded BouncyCastle to 1.54 (contributed by Markus Kilås)
  • Fixed the Accept header for RFC 3161 requests (contributed by Markus Kilås)
  • Internal refactoring to share the code between the Ant task and the CLI tool (contributed by Michael Peterson)
  • The code has been split into distinct modules (core, ant, cli).
  • Jsign is now available as a plugin for Maven (net.jsign:jsign-maven-plugin) and Gradle
  • The API can be used to sign in-memory files using a SeekableByteChannel
Assets 5

@ebourg ebourg released this Aug 4, 2016

  • The command line tool now supports HTTP proxies (contributed by Michael Szediwy)
  • RFC 3161 timestamping services are now supported (contributed by Florent Daigniere)
  • The digest algorithm now defaults to SHA-256
  • The shaded dependencies are now relocated to avoid conflicts
  • Added SHA-384 and SHA-512 checksums support
  • SHA-2 is accepted as an alias for SHA-256
Assets 5
Jan 10, 2013


Preparing the release of version 1.2
Nov 3, 2012


Site update
Oct 5, 2012


Site update