We have a requirement that while exporting product package (using product rule) from development environment, it must be digitally signed (jar should be digitally signed). Also, when we import the jar in the higher environment, the same jar must be validated against the digital signature used while creating the jar. This is to make sure that the jar package is not tempered while in transit for deployment.
Please let us know if Pega has some OOTB implementation that can be leveraged. Thanks!