[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OT: signed applet JAR files (fwd)
- To: ILUG <linux-il(at-nospam)linux.org.il>
- Subject: Re: OT: signed applet JAR files (fwd)
- From: Jonathan Ben-Avraham <benavrhm(at-nospam)tkos.co.il>
- Date: Wed, 3 Oct 2001 14:52:30 +0200 (IST)
- Delivered-To: linux-il-linux-il@linux.org.il
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Wed, 3 Oct 2001, Ira Abramov wrote:
>
> Hi guys, please answer this wuestion in PRIVATE if you know how to help
> me, because it's off-topic in linux-il.
>
> I've compiled a jar of several applets I need to distribute as signed
> (priviliged sandbox). I created a certificate and signed the jar with
> javakey, all looks kosher, except when I load it in a browser (MSIE for
> now) it ignores the sig and treats the applets as unsigned (regular high
> restrictions on the sandbox)
>
> MSIE has that dialog that pops up on signed applets (the one with the
> "always trust content from XXX ?" tickbox), the MSDN has no solutions,
> and neither does the javasoft doc site... what am I missing?
>
> and again, please answer in private, thanks.
>
>
Hi Ira,
Hope this helps.
- yba
EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- benavrhm@tkos.co.il - tel: +972.2.679.6452, http://www.tkos.co.il -
-- Attached file included as plaintext by Listar --
-- File: HowTo_Sign_Cert.txt
$Header: /home/tcltek/procedures/procedures/HowTo_Sign_Cert.txt,v 1.1 2000/12/25 19:19:19 benavrhm Exp $
For Browser:
1. Write java class
2. Create certificate :
signtool -G TclTekCert -d c:\Program Files\Netscape\Users\Isam
Warning: you need to set a password to user certificate database through pressing button "Security" in Netscape Toolbar ,choose Passwords ,Set Password
3. Sign .CLASS file
signtool -k TclTekCert -d c:\Program Files\Netscape\Users\Isam Directory
where Directory - is the name of directory where class file is situated.
4. Make .Jar file
jar -cvfM JarFile *.class
where JarFile - name of jar file ( for ex. shalom.jar)
*.class - signed class file (for ex. shalom.class)
5.Write HTML file
<HTML>
<HEAD>
<TITLE>Contact Manager</TITLE>
</HEAD>
<BODY BGCOLOR="#C0C0C0">
<CENTER>
<APPLET CODE="shalom.class"
ARCHIVE="shalom.jar"
WIDTH=580
HEIGHT=180>
<PARAM NAME="cabbase" VALUE="shalom.cab">
</APPLET>
</CENTER>
</BODY>
</HTML>
6. Downloaded files
SignTool 1.1 for Netscape - tool for creating and signing JAR files for Netscape
Microsoft JavaSDK 3.1 - Cab creation and signing tool for Microsoft Internet Explorer.
Plugin 1.1.1 for Netscape - to use JDK1.2 in Netscape.
For Plugin :
1. Generate keys for TclTek :
keytool -genkey -alias TclTek
2. Export key to certificate:
keytool -export -alias TclTek -file TclTek.cer
3. Make directory for .java file (for ex. Label) and copy .class .html .java files there
4. Make jar file from the class
jar -cvfM label.jar label.class
5. Sign jar file
signtool -k TclTek.cer -z Label.jar ./
sign all current tree
6.Verify signature
signtool -v label.jar
-- Attached file included as plaintext by Listar --
-- File: SigningNetscape.txt
$Header: /home/tcltek/procedures/procedures/SigningNetscape.txt,v 1.1 2000/12/25 19:19:19 benavrhm Exp $
Title: Netdcape signing objects
Date: 6-1-00
Author: Isam Abuteir
Desription: This document describes the steps needed to sign an applet
using netscape signtool for testing purposes.
Please keep in mind that the generated cert is used for testing puroses only.
After coding the applet is finished, you should purchase a cert from a trusted company
like Verisign or Thawte....
Procedure:
1- Decide which platform you want to work with. Remember that each platform has
its version of netscape tool "signtool"
2- Download "signtool" from netscape location
3- Install signtool and add its location to your PATH
For example c:\signtool13
4- Make sure you exit netscape completely before continuing this process
5- Generate your testing cert as folows:
signtool -d "path where cert07.db is found" -G MytestCert
example: signtool -d "c:\program files\netscape\users\kuku" -g newCert
Once this line is executed correctly, you will be asked to fill some
optional info. Go ahead and fill it.
After filling the info, the cert will be generated
Go to Netscape, click Securitu button
View Your Certificates
Note that the new cert is there
6- Create a directory and put in it the file you like to sign, for example abc.jar
Assume that the sert is located in c:\program files\netscape\users\isam
Assume that Cert name is RainTst
Do the following
I:\signedApplet\netscape>signtool -d "c:\program files\netscape\users\isam" -k R
ainTst -Z testjar.jar i:\signedapplet\netscape
7- To verify the signing
I:\signedApplet\netscape>signtool -d "c:\program files\netscape\users\isam" -v t
estjar.jar
using certificate directory: c:\program files\netscape\users\isam
archive "testjar.jar" has passed crypto verification.
status path
------------ -------------------
HASH FAILED testjar.jar
verified Renegade.html
verified Renegade.java
verified Renegade.class
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il