Previous section: Tools to be used

Signing the JAR Files

o       Code Signing and Authentication

o       The Process

Code Signing

Code Signing is process of authenticating the code. A code needs to be digitally signed to verify its authenticity. Various tools (discussed in previous section) are available with the JDK for generating public/private key pairs and for signing the code using those.

The process of code signing authenticates that the code is from a particular user. It does not guarantee if the code is malicious or not. But a digitally signed code can guarantee that the code has not been tampered with since it was distributed.

The Process

The process of signing an applet includes following steps –

o       Use the keytool to generate a new key with the –genkey option

Keytool –genkey –alias <alias name>

o       Use the –selfcert option along with the newly created alias

Keytool –selfcert <alias name>

o       Generate the certificate request to get a certificate from a reputed Certification Authority

Keytool –certreq <alias name>

o       Import the received certificate to the alias

Keytool –import –alias <alias name> -file<certificate file>

o       Create a JAR file that includes all the class files

o       Use the JarSigner along with the given alias

Jarsigner <jar file name> <alias name>

o       Verify the signed JAR file with jarsigner

Jarsigner –verify <jar file name>

Next Section : Web Page To Applet Communication

Table of Contents

Top of Page | Home

© 2001 – EBSolute Technologies