Re: help

Marianne Mueller (mrm@eng.sun.com)
Fri, 31 Jan 1997 11:51:18 -0800

Date: Fri, 31 Jan 1997 11:51:18 -0800
Message-Id: <199701311951.LAA17223@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: dzhang@trcinc.com
Subject: Re: help

> Based on my reading, you need the public key of the author to verify the
> document, am I right? If this is true, then I need to provide Jar the
> public key.

This is correct. You need to

a) generate a public and private key pair for the signer

b) generate a certificate for the signer

c) use javakey and its access to the signer's private key
to sign the file

d) distribute the certificate of the signer to the people
who will try to use your signed JAR archive

(this is separate from distributing the signed archive
itself)

You don't provide jar with the public key, however. What you need to
do is import the certificate of the signer into the identity database
on the client system.

That is, suppose the client wants to read your signed JAR archive and
verify the signature. You need to send him the certificate
containing the public key. *He* needs to import that certificate
into his identity database. The steps for doing this are as follows.
Suppose the nickname for the identity is "dzhang", and that you mailed
him your certificate, and he saved it in a file named /tmp/dzhang.x509

% javakey -c dzhang true
% javakey -ic dzhang /tmp/dzhang.x509

Marianne

p.s. Please refer to these documents

Using Javakey -- http://java.sun.com/security/usingJavakey.html
Policy Recommendations - http://java.sun.com/security/policy.html

and our hypermail archive

http://jeeves.javasoft.com:8080/hypermail/java-security-html/
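
Added example (not part of the original message, and not JavaSoft code): a small Python model of why the client has to create the identity and import the signer's certificate before a signature can be checked against it. IdentityDB, make_archive and the toy RSA keys are hypothetical stand-ins for javakey's identity database, a signed JAR and a real key pair; treating an untrusted identity as a verification failure is a simplification of this model.

```python
import hashlib

def keypair(p, q, e=65537):
    """Toy RSA key from two known primes (constructed; far too small for real use)."""
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    n, d = priv
    return pow(_digest(data, n), d, n)

def sig_ok(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def make_archive(data, signer, priv):
    # Hypothetical stand-in for a signed JAR: payload, claimed signer, signature.
    return {"data": data, "signer": signer, "sig": sign(data, priv)}

class IdentityDB:
    """Model of the client's identity database: nickname -> [trusted, public keys]."""
    def __init__(self):
        self.ids = {}

    def create(self, nick, trusted):      # corresponds to: javakey -c dzhang true
        self.ids[nick] = [trusted, []]

    def import_cert(self, nick, cert):    # corresponds to: javakey -ic dzhang /tmp/dzhang.x509
        subject, pub = cert
        self.ids[nick][1].append(pub)

    def verify(self, archive):
        """Return the signer's nickname only if a trusted, imported key verifies the data."""
        trusted, keys = self.ids.get(archive["signer"], (False, []))
        ok = trusted and any(sig_ok(archive["data"], archive["sig"], k) for k in keys)
        return archive["signer"] if ok else None

def demo():
    pub, priv = keypair(2**61 - 1, 2**89 - 1)      # the real signer's key pair
    _, priv2 = keypair(2**107 - 1, 2**127 - 1)     # a different key using the same name
    good = make_archive(b"applet bytes", "dzhang", priv)
    db = IdentityDB()
    before = db.verify(good)                       # certificate not imported yet
    db.create("dzhang", True)
    db.import_cert("dzhang", ("dzhang", pub))
    other = make_archive(b"applet bytes", "dzhang", priv2)
    changed = dict(good, data=b"applet bytes, modified")
    return before, db.verify(good), db.verify(other), db.verify(changed)
```

demo() returns the verification result for four cases: before the import, after the import, an archive signed with a different key under the same name, and an archive whose contents changed after signing. Only the second is accepted.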