Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / April 2004

Tip: Looking for answers? Try searching our database.

Signing applet jar without verified digital ID

Thread view: 
Enable EMail AlertsStart New Thread
Jack Boyce - 12 Apr 2004 18:12 GMT
I'm the admin of an open-source java project
(http://jugglinglab.sourceforge.net), and a rank newbie to the topic
of jar signing.  I would like to be able to copy/paste text between my
applet and other applications, and from what I understand this
requires the applet to be trusted.

Now a verified digital ID from VeriSign seems to cost around $400,
which is way too much for an open-source project to consider.  I'm
wondering if it's possible to create our own (unverified) ID and
self-signed certificate, and sign our jar with that.  I have hunted
around and not seen any straightforward instructions on how to do
this, or even an indication of whether it's possible.

Can anyone clue me in here?  Thanks for the help!

Jack
Reply to this Message
Roedy Green - 12 Apr 2004 20:21 GMT
>Now a verified digital ID from VeriSign seems to cost around $400,
>which is way too much for an open-source project to consider.  I'm
>wondering if it's possible to create our own (unverified) ID and
>self-signed certificate, and sign our jar with that.  I have hunted
>around and not seen any straightforward instructions on how to do
>this, or even an indication of whether it's possible.

see http://mindprod.com/jgloss/certificate.html (you can get one for
$200)

see http://mindprod.com/jgloss/keytool.html for how to roll your own
fake one.

see http://mindprod.com/jgloss/digitalsigning.html for an overview of
what is going on.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Reply to this Message
Michel Gallant - 12 Apr 2004 21:41 GMT
Yes, you can generate and use your own self-signed certificate.
It is all a matter of trust.
See the final box at:
 http://www.jensign.com/JavaScience/Thawte

- Mitch Gallant
  JavaScience Consulting
  www.jensign.com

> I'm the admin of an open-source java project
> (http://jugglinglab.sourceforge.net), and a rank newbie to the topic
[quoted text clipped - 12 lines]
>
> Jack
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.