Archive for Security

Signed java applet

Posted in Programming with tags , , , on May 15, 2007 by wsjoung

Applet Security Basics

Below are the basic facts regarding applet security and Java Plug-in. More detail can be found in the next chapter, How RSA Signed Applet Verification Works in Java Plug-in.

  • All unsigned applets are run under the standard applet security model.
  • If usePolicy IS NOT DEFINED in the java.policy file, then a signed applet has the AllPermission permission if:
    Java Plug-in can verify the signers, and the user, when prompted, agrees to granting the AllPermission permission.
  • If usePolicy IS DEFINED, then a signed applet has only the permissions defined in java.policy and no prompting occurs.

Moreover, note that Java Plug-in now handles certificate management; i.e., the certificate verification task is no longer passed off to the browser.

keytool -genkey -keyalg rsa -alias MyCert
keytool -certreq -alias MyCert
keytool -import -alias MyCert -file VSSStanleyNew.cer

or

keytool -selfcert

and

jarsigner AppletName.jar MyCert
jarsigner -verify -verbose -certs AppletName.jar

Advertisements