The -c option tells javakey to create something. You can create either a normal identity or a signer. An identity is a person or organization with an associated public key and, perhaps, certificates to verify the public key. A signer is an identity with a private key that can be used for signing files. You should have an identity in your javakey database corresponding to every person that you expect may provide you with signed code. The first step is to create the identity; later on, I’ll show you how to associate a public key and certificates with the identity.

When an identity is created, you can tell javakey if the identity should be trusted or not. The appletviewer tool recognizes trusted identities. If you use appletviewer to run an applet that is signed by a trusted identity, then the applet will not be constrained by the usual security restrictions. Although it’s a step in the right direction, this is an all-or-nothing policy. You might trust Will Scarlet, but only a little, so it would be nice to specify that applets signed by him be allowed only filesystem access in one directory and not allowed network access at all. JavaSoft promises that more finely tuned access control will be available in future releases. Unless you specify otherwise, identities are not trusted when you first create them with javakey.

For example, the following commands will create Will Scarlet, who is not trusted, Marian, who is a trusted signer, and Sheriff, who is not trusted. The -c
