Downloads of v 3.0:


Last Update:

08 May 2021

Package Maintainer(s):

Software Author(s):

  • fbergmann


sign4j sign exe launch4j


  • 1
  • 2
  • 3

3.0 | Updated: 08 May 2021



Downloads of v 3.0:



Software Author(s):

  • fbergmann

  • 1
  • 2
  • 3
sign4j 3.0

  • 1
  • 2
  • 3

All Checks are Passing

3 Passing Tests

Validation Testing Passed

Verification Testing Passed


Scan Testing Successful:

No detections found in any package files


Deployment Method: Individual Install, Upgrade, & Uninstall

To install sign4j, run the following command from the command line or from PowerShell:


To upgrade sign4j, run the following command from the command line or from PowerShell:


To uninstall sign4j, run the following command from the command line or from PowerShell:


Deployment Method:

📝 NOTE: This applies to both open source and commercial editions of Chocolatey.

1. Enter Your Internal Repository Url

(this should look similar to

2. Setup Your Environment

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

2. Get the package into your environment

  • Open Source or Commercial:
    • Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
    • You can also just download the package and push it to a repository Download

3. Copy Your Script

choco upgrade sign4j -y --source="'INTERNAL REPO URL'" [other options]

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:

choco upgrade sign4j -y --source="'INTERNAL REPO URL'" 

Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
  Exit 0

Exit $exitCode

- name: Install sign4j
    name: sign4j
    version: '3.0'
    state: present

See docs at

chocolatey_package 'sign4j' do
  action    :install
  source   'INTERNAL REPO URL'
  version  '3.0'

See docs at

cChocoPackageInstaller sign4j
    Name     = "sign4j"
    Version  = "3.0"
    Source   = "INTERNAL REPO URL"

Requires cChoco DSC Resource. See docs at

package { 'sign4j':
  ensure   => '3.0',
  provider => 'chocolatey',
  source   => 'INTERNAL REPO URL',

Requires Puppet Chocolatey Provider module. See docs at

4. If applicable - Chocolatey configuration/installation

See infrastructure management matrix for Chocolatey configuration elements and examples.

Private CDN cached downloads available for licensed customers. Never experience 404 breakages again! Learn more...

This package was approved by moderator TheCakeIsNaOH on 10 May 2021.


sign4j is a very simple utility to digitally sign executables containing an appended jar file, like those created by launch4j.

It works by first signing a temporary file to detect the size of the applied signature, and by then adding that size to a counter in the ZIP_END_HEADER of the embedded jar, so as to pretend that the signature is a comment belonging to it. That way the jar remains formally correct, and java accepts it.

This manipulation must be done atomically with the signing process, because doing it before would invalidate the jar file, while doing it later would break the signature. That's why the whole command line of your signing tool must be passed to sign4j, which will do the job.

Any signing tool can be used, as long as the name of the output file can be recognized among its parameters. This is currently done by either using an -out option if present, or taking the last filename with an exe suffix after all supplied options.

If the involved tool is able to remove a previous signature before adding the new one (as is normally the case) the initial test can be performed on the target executable itself, avoiding the creation of a temporary file. You can use the option --onthespot to signal that to sign4j.

The option --strict can be used to suppress the use of double quotes around parameters that strictly don't need them. The option --verbose shows diagnostics about intermediary steps of the process.

This utility can also be used to sign normal executables, but then it will remember you that the file can be signed directly.

$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
Get-ChocolateyWebFile -PackageName 'sign4j' -FileFullPath "$toolsDir\sign4j.exe" -Url '' -Checksum '1E54C719DDB8562AE2B35A7FEB8090393702F34C' -ChecksumType 'sha1'

$ErrorActionPreference = 'Stop';
$packageArgs = @{
  packageName   = $env:ChocolateyPackageName
  softwareName  = 'sign4j*'
  fileType      = 'EXE_MSI_OR_MSU'
  silentArgs    = "/qn /norestart"
  validExitCodes= @(0, 3010, 1605, 1614, 1641)

$uninstalled = $false
[array]$key = Get-UninstallRegistryKey -SoftwareName $packageArgs['softwareName']

if ($key.Count -eq 1) {
  $key | % { 
    $packageArgs['file'] = "$($_.UninstallString)"
    if ($packageArgs['fileType'] -eq 'MSI') {
      $packageArgs['silentArgs'] = "$($_.PSChildName) $($packageArgs['silentArgs'])"
      $packageArgs['file'] = ''
    } else {

    Uninstall-ChocolateyPackage @packageArgs
} elseif ($key.Count -eq 0) {
  Write-Warning "$packageName has already been uninstalled by other means."
} elseif ($key.Count -gt 1) {
  Write-Warning "$($key.Count) matches found!"
  Write-Warning "To prevent accidental data loss, no programs will be uninstalled."
  Write-Warning "Please alert package maintainer the following keys were matched:"
  $key | % {Write-Warning "- $($_.DisplayName)"}

Log in or click on link to see number of positives.

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.

Add to Builder Version Downloads Last Updated Status

This package has no dependencies.

Discussion for the sign4j Package

Ground Rules:

  • This discussion is only about sign4j and the sign4j package. If you have feedback for Chocolatey, please contact the Google Group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or sign4j, or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.
comments powered by Disqus