When trying to use the latest maven-jarsign-plugin using a keystore-password which started with a hash (#), signing failed. After enabling debug output with -X, I got a strange debug message:
[DEBUG] Option lacks argument
Since signtool is invoked using /bin/sh -c ..., of course, any # must be quoted, because otherwise it acts as a comment-start and thus effectively cuts-off the rest of the cmdline.
After single-quoting the password in the pom.xml, the jar signing was ok.
Adding '#' to BASH_QUOTING_TRIGGER_CHARS in org.apache.maven.shared.utils.cli.shell.BourneShell.java should fix the problem.