How to sign Java JARs without buying an X.509 certificate?

Thread view:

dingbat@codesmiths.com - 02 Mar 2006 17:14 GMT

How do I sign and deploy Java JARs, using a key that is certified by
OpenPGP, rather than X.509?

The intention (obviously) is to avoid the warning dialogues for an
unsigned key, but to not have to spend money on buying a X.509
certificate. It's for a medium sized software house with a small
number of closely-tied customers using an expensive core-business
package. Extending OpenPGP trust to them is not a problem.

I'm aware of bouncycastle.org but they seem to be providing toolkits
for embedded crypto, rather than the dev tool I'm looking for.

Thanks for any advice

Reply to this Message

Mike Amling - 02 Mar 2006 18:49 GMT

> How do I sign and deploy Java JARs, using a key that is certified by
> OpenPGP, rather than X.509?
[quoted text clipped - 9 lines]
>
> Thanks for any advice

Try comp.lang.java.security.

--Mike Amling

Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...