need to sign applet?

[Georg Andersson]

hi

i have a question about signin applets:

i'm developping a little applet only for use inside our company. this
applet is supposed to write some files on the users computer. well,
applets aren't allowed to read or write on the clients side unless
they intend to read or write on the same computer as the applet itself
is located. but is signing the applet the only way to let the this
things happen? to me, it just seams weird, that i have to sign my
applet inside my own network.

and: starting the applet from my own computer and trying to save data
to my own computer gives me also a java-security-exception. which, in
my opinion, shouldn't happen...

so, what would be the right approach for me to make my applet to work?

tx for any help or suggestions!!

 

[Andrew Thompson]

i have a question about signin applets: ....
..but is signing the applet the only way to let the this
things happen? to me, it just seams weird, that i have to sign my
applet inside my own network.

You could adjust the permissions of each
browser, but I have no experience with that.

tx for any help or suggestions!!

_Any_ help? OK... You seem to have
misplaced your 'shift' key, this may help..
<http://www.physci.org/kbd.jsp?key=shift> ;-)

 

[Patrick Wunderlich]

hi

i have a question about signin applets:

i'm developping a little applet only for use inside our company. this
applet is supposed to write some files on the users computer. well,
applets aren't allowed to read or write on the clients side unless
they intend to read or write on the same computer as the applet itself
is located. but is signing the applet the only way to let the this
things happen? to me, it just seams weird, that i have to sign my
applet inside my own network.

and: starting the applet from my own computer and trying to save data
to my own computer gives me also a java-security-exception. which, in
my opinion, shouldn't happen...

There is no other way then signing your applet. Even on your own computer,
when you start your applet in a browser over http protocol (!), the
applet has
restricted rights and that is good so The applet does not know that
it is on
your own computer. If you start your applet with the appletviewer, it
has all rights.

Do you know how to sign an applet?

Regards,
Patrick Wunderlich

 

[Mickey Segal]

There is no other way then signing your applet.

Certain IDEs will allow you to run an applet with full permissions from the
IDE without signing it.

 

[Andrew Thompson]

Georg Andersson wrote: .... ....
There is no other way then signing your applet.

Or..
<http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/policytool.html#Introduction>

Not practical for web distribution, but could
be the best bet for a small collection of
PC's in a controlled envionment.

 

[Roedy Green]

so, what would be the right approach for me to make my applet to work?

Sign it with a phony self-signed cert. You can install the cert in
all the cacerts on the net to avoid it being considered weird.

See http://mindprod.com/jgloss/signedapplets.html and chase links.

It has to be signed, otherwise copies of it leaking to the outside
world could cause havoc. Only signed code can be trusted.

 

[Roedy Green]

and: starting the applet from my own computer and trying to save data
to my own computer gives me also a java-security-exception. which, in
my opinion, shouldn't happen...

you can change the policy file to give yourself special automatic
permission.


see http://mindprod.com/jgloss/policyfile.html

 

[Georg Andersson]

Hi Patrick

Do you know how to sign an applet?

to be honest: i have no idea. i'm pretty new to this applet-stuff and
wasn't aware of the problematics about security. so, if you have
usefull advises or links for me...

tx anyway!

 

[Andrew Thompson]

...
to be honest: i have no idea. ...so, if you have
usefull advises or links for me...

How did you go with Roedy's first link
on signing applets?

He tries to find the best sources of
information, or he writes it.

Note he also gave a link to further info.
on the PolicyTool, which may work for you
on an intranet.

 

[Patrick Wunderlich]

to be honest: i have no idea. i'm pretty new to this applet-stuff and
wasn't aware of the problematics about security. so, if you have
usefull advises or links for me...

tx anyway!

There are 3 basic steps to sign an applet:

(1) Generate key

keytool -genkey -keyalg rsa -alias myKey

Your are asked for a password and some other stuff (name, company, ...)
"myKey" is the name of the generated key
All generated keys are stored in <home_dir>/.keystore
"keytool" is located in "j2sdk/jre/bin"


(2) Generate certificate

keytool -export -alias myKey -file myCertificate

Uses generated key "myKey" in order to generate a
new certificate with name "myCertificate" and stores
"myCertificate" in the current directory


(3) Sign your JAR archive

jarsigner -storepass myPassword -signedjar signed.jar original.jar myKey

"myCertificate" must be loacted in the same directory.
Signing only works with Jara archives
"jarsigner" is located in "j2sdk/bin"


Some useful links:

Howto (german): http://www.olison.com/sites/signatur.php
Howto: http://bij.isi.uu.nl/applet.htm
Ant-Task: http://ant.apache.org/manual/CoreTasks/signjar.html
Sun Applet-Security FAQ: http://java.sun.com/sfaq/


Hope this helps...

Regards,
Patrick Wunderlich