为什么需要对applet进行数字签名(digital signature)

Java applets are designed to run in a restricted environment known as Sandbox. This confinement helps avoid malicious activities and breach of security from intentionally harmful applets. Therefore, an applet cannot access or communicate with any outside-the-sandbox resource unless granted permission by the user.

The trustworthiness of an applet is showcased by signing it with a security certificate. Any unsigned applet will seem to be unsafe and insecure in the eye of an end-user. Unsigned applets are restricted to execute only a limited set of operations which are considered safe.

An unsigned applet will be blocked from executing the following operations:

  • Access a computer’s local file system.
  • Access clipboard data.
  • Access external computer peripherals like CD drives, DVD drives, microphones, speakers, or printers.
  • Access any kind of executable files.
  • Access computer’s system properties and settings.
  • Access connectivity to an external server, network or hard drive.

Looking at the above restrictions, it seems an unsigned applet cannot really be used effectively for any kind of problem solving. Signing disables all these restrictions. Thus, it becomes quite important to sign an applet with a genuine security certificate.

Let’s look at ways and steps of signing an applet with a security certificate.

It’s quite simple to sign a Java applet on your own using the Java Keytool.

  1. Create a JAR file of your applet.
  2. Generate a keystore database with keytool. Execute the following commands.
    keytool -genkey -keystore <keystore-name> -alias <alias-name> -validity <number-of-days>
    and
    keytool -selfcert -keystore <keystore-name> -alias <alias-name> -validity <number-of-days>
  3. Sign your JAR file with jarsigner. Execute the following command.
    jarsigner -keystore <keystore-name> <your-jar-file.jar> <alias-name>

WARNING: Self signed applets are mostly signed by the developers only. This showcases that the genuineness of that applet is approved by the developer only, and not any other independent party. Such applets display a warning while seeking permissions. Self signing is usually considered healthy while developing or testing an applet, but not while releasing it to the target user base.

If you don’t want to sign an applet yourself, you can purchase a security certificate from an independent third-party vendor like VeriSign [Symantec Code Signing Certificates for Java].

Once you get the certificate, execute the following command to generate a file containing your certificate information.

keytool -genkey -alias <alias-name> -keystore <keystore-name> -keypass <key-password> -dname <unique-name> -storepass <store-password> -validity <number-of-days>

An example of the above command will be:

keytool -genkey -alias techFaqFiles -keystore faqstore -keypass NtLQB9tV -dname “TF-MySignedApplet” -storepass nrHkpE0Q -validity 7300

Your certificate will stay valid for 20 years.

Were you able to sign your Java applet? If you faced any problem, please share in the comments below.

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值