HotJava

The simplest case is for HotJava, just because it was developed by the same people who brought you the Security API. HotJava recognizes applets archived in JAR files. (See Appendix C for a description of the jar tool.) As discussed in Appendix D, you can use javakey to sign a JAR using one of the identities that’s defined in the javakey database. HotJava recognizes the signed JAR and allows you to define a security policy for the signer.

A security policy is a set of rules for a particular signer. For example, I might have the following security policy defined for applets signed by Josephine:

  • Applets can access the user.name system property.

  • Applets can write files to the local disk in the c:\temp directory.

  • Applets can make network connections to www.josephine.com.

HotJava allows you to define this kind of fine-grained security policy for different signers. We’ll take a peek at this feature a little later.
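The three rules for Josephine can be modeled with the standard permission classes of the Java 2 platform. This is an added example, not code from the book and not HotJava's own policy mechanism; the class name JosephinePolicy and the sample requests are constructed, and the path syntax assumes Windows, as in the text.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Hypothetical class name; models the per-signer policy described above.
public class JosephinePolicy {

    // One permission per rule in the list for applets signed by Josephine.
    static Permissions policyForJosephine() {
        Permissions p = new Permissions();
        p.add(new PropertyPermission("user.name", "read"));
        // On Windows, a trailing "\-" covers c:\temp and everything below it.
        p.add(new FilePermission("c:\\temp\\-", "write"));
        // No port given, so any port on this host; "connect" only, not "accept".
        p.add(new SocketPermission("www.josephine.com", "connect"));
        return p;
    }

    // A request is allowed only if some granted permission implies it.
    static void check(Permissions policy, Permission request) {
        String verdict = policy.implies(request) ? "ALLOW" : "DENY";
        System.out.printf("%-6s %s%n", verdict, request);
    }

    public static void main(String[] args) {
        Permissions policy = policyForJosephine();
        // Constructed sample requests: each allowed action beside a near miss.
        check(policy, new PropertyPermission("user.name", "read"));
        check(policy, new PropertyPermission("user.home", "read"));
        check(policy, new FilePermission("c:\\temp\\out.txt", "write"));
        check(policy, new FilePermission("c:\\temp\\out.txt", "read"));
        check(policy, new FilePermission("c:\\windows\\win.ini", "write"));
        // SocketPermission may try to resolve host names when comparing them.
        check(policy, new SocketPermission("www.josephine.com:80", "connect"));
        check(policy, new SocketPermission("www.example.com:80", "connect"));
    }
}
```

Anything not implied by a granted permission is denied, so the policy stays as narrow as the three rules that define it.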

For HotJava, then, creating a signed applet follows three steps:

  1. Prepare a signer.

  2. Bundle up the applet.

  3. Sign the applet.

Prepare a Signer

You can use javakey to create a signer and generate keys for it. Refer to Appendix D if you’re not sure how to do this. Marian will be the signer for the Renegade applet. We’ll use her self-signed certificate to sign the applet.

If you didn’t install Marian as a signer, do it now. First, create Marian in the javakey database:

C:\ javakey -cs Marian true
Created identity [Signer]Marian[identitydb.obj][trusted]

Generate a set of keys for Marian ...
