Sign of the Times
JDK 1.0 had an inflexible policy with regard to applets. An applet lived in the “sandbox” and was therefore prevented from doing anything really useful, like writing to the hard disk or making arbitrary socket connections. In JDK 1.1, it’s possible to create signed applets. This means that a client who has the signer’s certificate and trusts it can allow signed applets to run without the usual security restrictions. Two conditions must be met for this to happen:
The client needs to have installed the signer’s certificate using
The client software that hosts the applet needs to be JDK 1.1 compliant; it must be savvy about JAR files, and it must understand the new security features. As of this writing, only HotJava and appletviewer know anything about signed applets. Netscape and Microsoft will follow suit shortly.
You can use javakey to sign Java Archive (JAR) files. A JAR can contain many files. For example, you could bundle up all of the files needed for a particular applet (classes, graphics, and sound) into a JAR. When you sign an archive, javakey adds a signature and one of the signer’s certificates to the JAR. See Appendix C for a description of the jar utility, which creates JAR files.
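The following is an added illustration, not code from the book: a Python check of what a signed JAR actually covers, listing the signature files and comparing each entry against the digest recorded for it in the manifest. It assumes the standard signed-JAR layout (META-INF/MANIFEST.MF with per-entry digest attributes, plus .SF and .DSA/.RSA signature files), which this page does not describe; the sample JAR is constructed, and the signature block itself is not cryptographically verified here.

```python
import base64, hashlib, io, zipfile

# Manifest digest attribute -> hashlib name (assumed set; other algorithms exist).
DIGESTS = {"SHA-Digest": "sha1", "SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}
SIG_SUFFIXES = (".SF", ".DSA", ".RSA")

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the manifest's per-entry sections."""
    entries = {}
    # Normalise line endings and join folded (continuation) lines before splitting.
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def audit_jar(data):
    """Sort a JAR's entries by whether the manifest digests still match their bytes."""
    report = {"signature_files": [], "ok": [], "mismatch": [], "unlisted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        mf = "META-INF/MANIFEST.MF"
        manifest = parse_manifest(jar.read(mf).decode()) if mf in jar.namelist() else {}
        for name in jar.namelist():
            if name.startswith("META-INF/") or name.endswith("/"):
                if name.upper().endswith(SIG_SUFFIXES):
                    report["signature_files"].append(name)
                continue
            checks = [(DIGESTS[k], v) for k, v in manifest.get(name, {}).items() if k in DIGESTS]
            body = jar.read(name)
            if not checks:
                report["unlisted"].append(name)  # not covered by any signature
            elif all(base64.b64encode(hashlib.new(a, body).digest()).decode() == v for a, v in checks):
                report["ok"].append(name)
            else:
                report["mismatch"].append(name)  # changed after the manifest was written
    return report

def build_sample_jar():
    """Constructed sample: one intact class, one altered image, one entry added later."""
    b64sha = lambda b: base64.b64encode(hashlib.sha1(b).digest()).decode()
    manifest = ("Manifest-Version: 1.0\n\n"
                f"Name: Demo.class\nSHA-Digest: {b64sha(b'class bytes')}\n\n"
                f"Name: logo.gif\nSHA-Digest: {b64sha(b'original image')}\n\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, body in [("META-INF/MANIFEST.MF", manifest), ("META-INF/SIGNER.SF", "stub"),
                           ("META-INF/SIGNER.DSA", "stub, not a real signature block"),
                           ("Demo.class", b"class bytes"), ("logo.gif", b"swapped image"),
                           ("Extra.class", b"added after signing")]:
            jar.writestr(name, body)
    return buf.getvalue()
```

Calling `audit_jar(build_sample_jar())` reports Demo.class as intact, logo.gif as a digest mismatch, and Extra.class as unlisted, which is the case a client should treat as unsigned content inside a signed archive.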
As with certificate generation, applet signing requires a directive file. First, we need to specify who is signing the file:
Next, we tell javakey which of the signer’s certificates we want to include in the JAR. You also need to specify the chain depth, ...