Timestamp signing JAR files

Digital Certificates Code Signing Certificate
#1

Hello,

I’m pretty new to the idea of timestamp-signing in general, but with support for this now part of the JDK (since v1.5) I’d really like to use this feature.

Assuming I’ve converted my code signing certificate to the correct format (p12) how can I now use that certificate to timestamp-sign my JAR files? Preferably I’d like to automate this using an ANT task (as I currently do without using timestamping features). My current syntax is very simple:

<signjar
        alias="ALIAS..."
        storepass="PASSWORD..."
        >
      <path>
        <fileset dir="dist" includes="**/*.jar" />
        <fileset dir="dist" includes="*.jar" />
      </path>
    </signjar>

The ANT documentation specifies a syntax for signing using timestamps as well: http://ant.apache.org/manual/CoreTasks/signjar.html

There is a parameter “tsaurl” which I presume should be set to the comodo timestamping server address, but it also asks for a parameter “tsacert” described as:

“alias in the keystore for a timestamp authority for timestamped JAR files in Java1.5+”.

can anyone tell me what I need to enter in this field?

Thanks in advance for any help with this!

#2

Ah, I’ve just found out what the “tsacert” parameter means (it’s the TSA’s public key certificate):
http://java.sun.com/javase/6/docs/technotes/guides/security/time-of-signing.html

So, what I’d now like to know is where can I get hold of this public key certificate from Comodo?

<EDIT 19:38>
I only have one COMODO trusted root CA root certificates installed on my machine, it says ‘Allows data to be signed with the current time’ under its list of intended purposes… however I think I’ll need to export it somehow, and I don’t know what format I should use…

Cheers!