In the previous few chapters, we’ve examined various aspects of Java’s security package with an eye toward the topics of this chapter: the ability to generate and to verify digital signatures. We’ve now reached the fruits of that examination. In this chapter, we’ll explore the mechanisms of the digital signature.

The use and verification of digital signatures is another standard engine that is included in the security provider architecture. Like the other engines we’ve examined, the classes that implement this engine have both a public interface and an SPI for implementors of the engine.

In the JDK, the most common use of digital signatures is to create signed classes; users have the option of granting additional privileges to these signed classes using the mechanics of the access controller. In addition, a security manager and a class loader can use this information to change the policy of the security manager; this technique is quite useful in 1.1. Hence, we’ll also show an example that reads a signed JAR file.