Eureka. Just as I was about to give up, I wrote some sample code that signed a blob of crap with the private key and verified it against the cert. And it worked. So I wondered if the issue had something to do with the choice of signature algorithms.
And sure enough jarsigner -sigalg sha256withrsa -storetype pkcs11 gpj.jar signer works. And jarsigner -verify gpj.jar also works. Unless there is some reason why such a signature would not be acceptable for things like webstart, I think that means that I could happily put a code signing cert and key on a smart card and leave it sitting on my desk except when I wanted to use it. Which is nice and secure. _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
