Sign of the Times
JDK 1.0 had an inflexible policy with regard to applets. An applet lived in the “sandbox” and was therefore prevented from doing anything really useful, like writing to the hard disk or making arbitrary socket connections. In JDK 1.1, it’s possible to create signed applets. This means that a client who has the signer’s certificate and trusts it can allow signed applets to run without the usual security restrictions. Two conditions must be met for this to happen:
The client needs to have installed the signer’s certificate using
javakey.The client software that hosts the applet needs to be JDK 1.1 compliant; it must be savvy about JAR files, and it must understand the new security features. As of this writing, only HotJava and
appletviewerknow anything about signed applets. Netscape and Microsoft will follow suit shortly.
You can use javakey to sign Java
Archive (JAR) files. A JAR can contain many files. For
example, you could bundle up all of the files needed for a particular
applet, classes, graphics, and sound, into a JAR. When you sign an
applet JAR, javakey adds a signature and one of
the signer’s certificates to the JAR. See Appendix C, for a description of the
jar utility, which creates JAR files.
As with certificate generation, applet signing requires a directive file. First, we need to specify who is signing the file:
signer=Marian
Next, we tell javakey which of the signer’s certificates we want to include in the JAR. You also need to specify the chain depth, ...
Get Java Cryptography now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
