How to run "jarsigner" command from JDK lib\modules JImage file?

"jarsigner" command allows you to digitally sign JAR (Java ARchive) files or verify digital signatures provided in JAR files.

"jarsigner" command is supported by the jmods\jdk.jartool.jmod module file, which is also linked into the lib\modules JImage file.

You can run the "jarsigner" command using the lib\modules JImage file as described below:

fyicenter> %JDK_HOME%\bin\java --module jdk.jartool/sun.security.tools.jarsigner.Main

Usage: jarsigner [options] jar-file alias
       jarsigner -verify [options] jar-file [alias...]

[-keystore <url>]           keystore location

[-storepass <password>]     password for keystore integrity

[-storetype <type>]         keystore type

[-keypass <password>]       password for private key (if different)

[-certchain <file>]         name of alternative certchain file

[-sigfile <file>]           name of .SF/.DSA file

[-signedjar <file>]         name of signed JAR file

[-digestalg <algorithm>]    name of digest algorithm

[-sigalg <algorithm>]       name of signature algorithm

[-verify]                   verify a signed JAR file

[-verbose[:suboptions]]     verbose output when signing/verifying.
                            suboptions can be all, grouped or summary

[-certs]                    display certificates when verbose and verifying

[-tsa <url>]                location of the Timestamping Authority

[-tsacert <alias>]          public key certificate for Timestamping Authority

[-tsapolicyid <oid>]        TSAPolicyID for Timestamping Authority

[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request

[-altsigner <class>]        class name of an alternative signing mechanism
                            (This option has been deprecated.)

[-altsignerpath <pathlist>] location of an alternative signing mechanism
                            (This option has been deprecated.)

[-internalsf]               include the .SF file inside the signature block

[-sectionsonly]             don't compute hash of entire manifest

[-protected]                keystore has protected authentication path

[-providerName <name>]      provider name

[-addprovider <name>        add security provider by name (e.g. SunPKCS11)
  [-providerArg <arg>]] ... configure argument for -addprovider

[-providerClass <class>     add security provider by fully-qualified class name
  [-providerArg <arg>]] ... configure argument for -providerClass

[-strict]                   treat warnings as errors

[-conf <url>]               specify a pre-configured options file

⇒ jdk.jartool/sun.tools.jar.Main - "jar" Command

⇐ jdk.internal.le/jdk.internal.jline.console.internal.ConsoleRunner - Console Runner

⇑ Tools Supported from JDK 9+ lib\modules JImage

⇑⇑ FAQ for JDK (Java Development Kit)