Chapter 8. Signed Applets

Signed applets are a Java 1.1 innovation. A signed applet is a cryptographically signed collection of class files and other supporting files, like graphic or sound files. Signed applets are exciting because they can step outside the restrictive applet sandbox of the Java 1.0 world. This means they can do more interesting and useful work than before, like writing and reading disk files and opening network connections to arbitrary hosts.

In theory, a signed applet works like this:

  1. A software developer (let’s say Josephine) obtains a certificate from a trusted Certificate Authority (CA), like VeriSign. The CA takes some trouble to verify Josephine’s identity before issuing her a certificate.

  2. While cruising the Web, you happen to browse to a page that contains an applet Josephine has written. She has cryptographically signed it using her private key. Your browser tells you that the applet is signed by Josephine and asks if the applet should be allowed to step outside the sandbox.

Why should this make you feel safe executing the applet?

  • Because the applet is signed, you know it hasn’t been modified by a malicious third party.

  • Because Josephine’s identity is vouched for by a CA, who signed her certificate, you can have some assurance that Josephine is who she says she is.
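The first of these two guarantees can be checked in code. The following is an added example, not code from the book: it uses the `java.util.jar` API of later Java releases (not the Java 1.1 tooling this chapter covers) to confirm that every entry of a signed archive verifies and to report who signed it. The class name `SignedJarCheck` and the archive path passed on the command line are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class SignedJarCheck {   // hypothetical class name, not from the book
    /** Returns the names of entries that carry no signature; empty means fully signed. */
    static List<String> unsignedEntries(String path) throws IOException {
        List<String> unsigned = new ArrayList<>();
        // verify=true: digests and signatures are checked as each entry is read
        try (JarFile jar = new JarFile(path, true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                // Simplification: skip directories and everything under META-INF/,
                // where the manifest and the signature files themselves live
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    // Must read to EOF; a modified entry throws SecurityException here
                    while (in.read(buf) != -1) { }
                }
                CodeSigner[] signers = e.getCodeSigners(); // null if the entry is unsigned
                if (signers == null || signers.length == 0) {
                    unsigned.add(e.getName());
                    continue;
                }
                for (CodeSigner s : signers) {
                    // First certificate in the path is the signer's own certificate
                    X509Certificate cert =
                        (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
                    System.out.println(e.getName() + " signed by "
                        + cert.getSubjectX500Principal().getName());
                }
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        List<String> unsigned = unsignedEntries(args[0]);
        System.out.println(unsigned.isEmpty() ? "all entries signed" : "UNSIGNED: " + unsigned);
    }
}
```

This covers integrity only. Whether the signer's certificate chains to a CA you trust, the second guarantee, is a separate validation step against a trust store.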

Currently, signed applets are stubborn and complex beasts. Three popular browsers (Sun’s HotJava, Netscape’s Navigator, and Microsoft’s Internet Explorer) support signed applets, but each browser ...
