Verifying signed jar files from C

Discussion in 'Java' started by Paul J. Lucas, Jan 8, 2007.

  1. I have a double-clickable application (for both Windows and Mac OS X) written
    in Java (stored in jar files) that uses a native launcher written in C to
    start a JVM and run a particular class's main() contained in one of the jar
    files.

    I want to sign the jar files at build-time and later verify them at run-time
    to ensure they haven't been altered. I want to do the verification as part
    of the launcher written in C because somebody could still modify the jar
    files and either leave them unsigned or resign them with his own self-signed
    certificate.

    I've done a lot of Google searches and I haven't been able to find any
    information on doing what I want. (I only find stuff on signing applets and
    verifying jar files with the jarsigner command-line tool.)

    Can I do what I want and, if so, how?

    - Paul
    Paul J. Lucas, Jan 8, 2007
    #1
    1. Advertising

  2. Paul J. Lucas wrote:
    > I have a double-clickable application (for both Windows and Mac OS X) written
    > in Java (stored in jar files)

    ....
    > I want to sign the jar files at build-time and later verify them at run-time
    > to ensure they haven't been altered.

    ....
    > Can I do what I want and, if so, how?


    Use web-start. It will give the user desktop icons for
    win & mac (and unix/linux, if required), and will handle
    the verification for you.

    While there may be ways to launch a web-started
    application from 'the class files' - I have never seen
    it done, and it would be at the mercy of changes in
    web-start itself (the tech. people specifically warn
    against relying on a given cache location, and any
    attempt to launch it would probably need to look
    to the classes in the cache).

    Just how technically proficient do you expect your
    end users to be? (I reckon by the time they could
    hack a solution together under web-start, they might
    just as easily have hunted down the parts of the C
    code that invoke the signature check).

    Andrew T.
    Andrew Thompson, Jan 8, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kerry Sanders
    Replies:
    1
    Views:
    743
    apadgett
    Sep 17, 2009
  2. Arnold Peters
    Replies:
    0
    Views:
    554
    Arnold Peters
    Jan 5, 2005
  3. muttley
    Replies:
    0
    Views:
    2,688
    muttley
    Oct 20, 2005
  4. Replies:
    0
    Views:
    326
  5. Jon Lim
    Replies:
    0
    Views:
    143
    Jon Lim
    Nov 21, 2005
Loading...

Share This Page