Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / March 2005

Tip: Looking for answers? Try searching our database.

Timestamp signed applet demo for  J2SE 5

Thread view: 
Enable EMail AlertsStart New Thread
Michel Gallant - 18 Mar 2005 17:28 GMT
I've done a bit of testing with the J2SE 5.0 timestamp support and jarsigner:

VeriSign's timestamp service implementation does NOT work with
Sun RFC 3161 implementation of timestamp.

The following test service (i.e. TSA cert NOT included in most trusted CA stores)
however DOES appear to work with jarsigner:
  http://www.edelweb.fr/tsa.html

Typical signing and timestamping command (using pkcs#12 cert store):

jarsigner -storetype pkcs12 -keystore mystore.pfx -tsa  "http://www.edelweb.fr/cgi-bin/service-tsp"  mysigTS.jar  <kalias>

Notes:
 (1) JavaPlugin 5 security dialog for signed TS'd Java applet shows extra field verifying timestamp validity.
 (2) A TS'd signed Java applet, targetting  Java 1.4, will appear to be NOT signed if timestamped this way.
       I believe that Sun plans to issue service releases to support timestamped signed JARs.

A sample signed Java applet including timestamping from edelweb TSA is here:
  http://www.jensign.com/JavaScience/www/messagedigestTS/

For testing and comparison, here is the same signed Java applet, but without timestamping:
 http://www.jensign.com/JavaScience/www/messagedigestj2

Note that the signature verification with timestamping appears to FAIL for lower releases of J2SE (e.g. J2SE 1.4)
even though the code was compiled targetting   1.4 version.

- Mitch Gallant
  www.jensign.com
Reply to this Message
Michel Gallant - 21 Mar 2005 15:04 GMT
The signed and timestamped sample has been modified to use
the Certum TSA:
  http://www.jensign.com/JavaScience/www/messagedigestTS

This works on W2k Pro sp4 with J2SE 5.0.

I would like to get some feedback on if this applet works properly
(i.e. raises a signed applet security grant window) with J2SE v1.4.2_4+.
According to Sun, this version and higher should work with
timestamped signed applets.
However, I have tested this applet on:
  WinXP  J2SE v1.4.2_7  (most recent maintenance release of 1.4.2 version)
but the page does not show any security dialog and acts as if it
is unsigned.
For comparison, the following signed applet (signed the same way but WITHOUT
a timestamp) works as expected on the WinXP system with J2SE v1.4.2_7
 http://www.jensign.com/JavaScience/www/messagedigestj2

Thanks,
- Mitch

> I've done a bit of testing with the J2SE 5.0 timestamp support and jarsigner:
>
[quoted text clipped - 25 lines]
> - Mitch Gallant
>    www.jensign.com
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.