Home > Archive > Java Security > April 2004 > Signing applet jar without verified digital ID
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Signing applet jar without verified digital ID
|
|
| Jack Boyce 2004-04-12, 2:43 pm |
| I'm the admin of an open-source java project
(http://jugglinglab.sourceforge.net), and a rank newbie to the topic
of jar signing. I would like to be able to copy/paste text between my
applet and other applications, and from what I understand this
requires the applet to be trusted.
Now a verified digital ID from VeriSign seems to cost around $400,
which is way too much for an open-source project to consider. I'm
wondering if it's possible to create our own (unverified) ID and
self-signed certificate, and sign our jar with that. I have hunted
around and not seen any straightforward instructions on how to do
this, or even an indication of whether it's possible.
Can anyone clue me in here? Thanks for the help!
Jack
| |
| Roedy Green 2004-04-12, 4:33 pm |
| On 12 Apr 2004 10:12:23 -0700, bizby7@yahoo.com (Jack Boyce) wrote or
quoted :
>Now a verified digital ID from VeriSign seems to cost around $400,
>which is way too much for an open-source project to consider. I'm
>wondering if it's possible to create our own (unverified) ID and
>self-signed certificate, and sign our jar with that. I have hunted
>around and not seen any straightforward instructions on how to do
>this, or even an indication of whether it's possible.
see http://mindprod.com/jgloss/certificate.html (you can get one for
$200)
see http://mindprod.com/jgloss/keytool.html for how to roll your own
fake one.
see http://mindprod.com/jgloss/digitalsigning.html for an overview of
what is going on.
--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
| |
| Michel Gallant 2004-04-12, 5:51 pm |
| Yes, you can generate and use your own self-signed certificate.
It is all a matter of trust.
See the final box at:
http://www.jensign.com/JavaScience/Thawte
- Mitch Gallant
JavaScience Consulting
www.jensign.com
"Jack Boyce" <bizby7@yahoo.com> wrote in message
news:8af50320.0404120912.2c242e51@posting.google.com...
> I'm the admin of an open-source java project
> (http://jugglinglab.sourceforge.net), and a rank newbie to the topic
> of jar signing. I would like to be able to copy/paste text between my
> applet and other applications, and from what I understand this
> requires the applet to be trusted.
>
> Now a verified digital ID from VeriSign seems to cost around $400,
> which is way too much for an open-source project to consider. I'm
> wondering if it's possible to create our own (unverified) ID and
> self-signed certificate, and sign our jar with that. I have hunted
> around and not seen any straightforward instructions on how to do
> this, or even an indication of whether it's possible.
>
> Can anyone clue me in here? Thanks for the help!
>
> Jack
|
|
|
|
|