Creating
The -c
option tells
javakey
to
create something. You can create either a
normal identity or a
signer. An identity is a person or organization
with an associated public key and, perhaps, certificates to verify
the public key. A signer is an identity with a private key that can
be used for signing files. You should have an identity in your
javakey
database corresponding to every person
that you expect may provide you with signed code. The first step is
to create the identity; later on, I’ll show you how to
associate a public key and certificates with the identity.
When an identity is created, you can tell javakey
if the identity should be trusted or not. The
appletviewer
tool recognizes trusted identities.
If you use appletviewer
to run an applet that is
signed by a trusted identity, then the applet will not be constrained
by the usual security restrictions. Although it’s a step in the
right direction, this is an all-or-nothing policy. You might trust
Will Scarlet, but only a little, so it would be nice to specify that
applets signed by him be allowed only filesystem access in one
directory and not allowed network access at all. JavaSoft promises
that more finely tuned access control will be available in future
releases. Unless you specify otherwise, identities are not trusted
when you first create them with javakey
.
For example, the following commands will create Will Scarlet, who is
not trusted, Marian, who is a trusted signer, and Sheriff, who is not
trusted. The -c
Get Java Cryptography now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.