[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OT: signed applet JAR files (fwd)




On Wed, 3 Oct 2001, Ira Abramov wrote:

> 
> Hi guys, please answer this wuestion in PRIVATE if you know how to help
> me, because it's off-topic in linux-il.
> 
> I've compiled a jar of several applets I need to distribute as signed
> (priviliged sandbox). I created a certificate and signed the jar with
> javakey, all looks kosher, except when I load it in a browser (MSIE for
> now) it ignores the sig and treats the applets as unsigned (regular high
> restrictions on the sandbox)
> 
> MSIE has that dialog that pops up on signed applets (the one with the
> "always trust content from XXX ?" tickbox), the MSDN has no solutions,
> and neither does the javasoft doc site... what am I missing?
> 
> and again, please answer in private, thanks.
> 
> 

Hi Ira,
Hope this helps.

 - yba


 EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA    ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - benavrhm@tkos.co.il - tel: +972.2.679.6452, http://www.tkos.co.il -


-- Attached file included as plaintext by Listar --
-- File: HowTo_Sign_Cert.txt

$Header: /home/tcltek/procedures/procedures/HowTo_Sign_Cert.txt,v 1.1 2000/12/25 19:19:19 benavrhm Exp $

For Browser:
	
1.  Write java class
2.  Create certificate :
	signtool -G TclTekCert -d c:\Program Files\Netscape\Users\Isam 
      
Warning: you need to set a password to user certificate database through pressing 	                              button  "Security" in Netscape Toolbar ,choose Passwords ,Set Password
  
3. Sign  .CLASS file
	signtool -k TclTekCert -d c:\Program Files\Netscape\Users\Isam Directory
   where Directory - is the name of directory where class file is situated.

4. Make .Jar  file
	jar -cvfM JarFile *.class
	
         where  JarFile - name of jar file ( for ex.  shalom.jar)
	     *.class - signed class file (for ex. shalom.class)	
5.Write HTML file
<HTML>
<HEAD>
<TITLE>Contact Manager</TITLE>
</HEAD>
<BODY BGCOLOR="#C0C0C0">

<CENTER>
<APPLET CODE="shalom.class"
    ARCHIVE="shalom.jar"
    WIDTH=580 
    HEIGHT=180>
<PARAM NAME="cabbase" VALUE="shalom.cab">
</APPLET>
</CENTER>

</BODY>
</HTML>


6. Downloaded  files

	SignTool 1.1 for Netscape - tool for creating and signing JAR files for Netscape

                     Microsoft JavaSDK 3.1  - Cab creation and signing tool for Microsoft Internet Explorer.

	Plugin 1.1.1 for Netscape - to use JDK1.2 in Netscape.


For Plugin :

1. Generate  keys for TclTek :
 	keytool -genkey -alias TclTek

2. Export  key to certificate:
	keytool -export -alias TclTek -file TclTek.cer

3. 	Make directory for .java file (for ex. Label) and copy .class .html .java files there
4. 	Make jar file from the class
	jar -cvfM  label.jar label.class
5. Sign jar file
	signtool -k TclTek.cer -z Label.jar  ./
  sign all current tree
6.Verify signature
             signtool -v label.jar

-- Attached file included as plaintext by Listar --
-- File: SigningNetscape.txt

$Header: /home/tcltek/procedures/procedures/SigningNetscape.txt,v 1.1 2000/12/25 19:19:19 benavrhm Exp $

Title: Netdcape signing objects
Date: 6-1-00
Author: Isam Abuteir

Desription: This document describes the steps needed to sign an applet
using netscape signtool for testing purposes.
Please keep in mind that the generated cert is used for testing puroses only.
After coding the applet is finished, you should purchase a cert from a trusted company
like Verisign or Thawte....

Procedure:
1- Decide which platform you want to work with. Remember that each platform has
its version of netscape tool "signtool"

2- Download "signtool" from netscape location

3- Install signtool and add its location to your PATH
   For example c:\signtool13

4- Make sure you exit netscape completely before continuing this process

5- Generate your testing cert as folows:
   signtool -d "path where cert07.db is found" -G MytestCert
   example: signtool -d "c:\program files\netscape\users\kuku" -g newCert
   Once this line is executed correctly, you will be asked to fill some
   optional info. Go ahead and fill it.
   After filling the info, the cert will be generated
   Go to Netscape, click Securitu button
   View Your Certificates
   Note that the new cert is there
6- Create a directory and put in it the file you like to sign, for example abc.jar
   Assume that the sert is located in c:\program files\netscape\users\isam
   Assume that Cert name is RainTst 
   Do the following

   I:\signedApplet\netscape>signtool -d "c:\program files\netscape\users\isam" -k R
   ainTst -Z testjar.jar i:\signedapplet\netscape

7- To verify the signing
 
   I:\signedApplet\netscape>signtool -d "c:\program files\netscape\users\isam" -v t
     estjar.jar
   using certificate directory: c:\program files\netscape\users\isam
   archive "testjar.jar" has passed crypto verification.

          status   path
    ------------   -------------------
     HASH FAILED   testjar.jar
        verified   Renegade.html
        verified   Renegade.java
        verified   Renegade.class



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il