what are signed applets ?

Discussion in 'Java' started by gk, Nov 22, 2005.

  1. gk

    gk Guest

    i know applets . but what are signed applets ? where it is used ?
     
    gk, Nov 22, 2005
    #1
    1. Advertising

  2. gk

    J. Verdrengh Guest

    In short: to be able to verify whether the applet has really been approved
    by the one who claims to have approved it.

    If you are surfing the web and you want to execute an applet, you want to be
    sure the applet has been approved by a person/company you trust (unless you
    like virusses etc). In order to realize this, the applet is signed by its
    publisher (person/company).

    The publisher has two keys: a (secret) private key and a public key. The
    first one is kept secret, the latter one is known to everybody who wants to
    know it (it can be found in a public directory of (public) keys, like a
    phone book).

    So the publisher wants to sign its applet. In the first stage, he uses a
    hash function (http://en.wikipedia.org/wiki/Hash_function) to get a
    relatively short array of bits that corresponds to the applet: the hashcode
    of the applet. Then the publisher encrypts that hashcode using his private
    key. Now the applet has been signed (so the signature is the encrypted
    hashcode).

    If a person wants to verify whether an applet has been really signed by the
    publisher and not by some spoofer, he only has te decrypt the (attached)
    signature using the publisher's public key. Then he calculates the hashcode
    of the applet. If the decrypted signature and the calculated hashcode
    match, the person knows that the applet has been signed by the publisher.
    Since it's very difficult to calculate the signature without the private
    key, the person can be quite sure the applet has been approved by the
    publisher.

    Notice that if the applet is altered by a third party, its hashcode changes
    and the signature is not longer valid.
     
    J. Verdrengh, Nov 22, 2005
    #2
    1. Advertising

  3. Hi,

    gk wrote:
    > i know applets . but what are signed applets ? where it is used ?


    Normally, applets are executed in a sandbox that e.g. prevents them from
    accessing the local hard disk. A signed applet however is allowed to
    leave the sandbox. The user must decide if he trusts the certificate, of
    course...

    Ciao,
    Ingo
     
    Ingo R. Homann, Nov 22, 2005
    #3
  4. gk

    Roedy Green Guest

    Roedy Green, Nov 22, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rune Andresen

    RSA signed applets

    Rune Andresen, Sep 16, 2003, in forum: Java
    Replies:
    2
    Views:
    481
    Eric Sosman
    Sep 16, 2003
  2. Manjari

    Creating Signed Applets

    Manjari, Feb 24, 2004, in forum: Java
    Replies:
    3
    Views:
    1,694
    Andrew Thompson
    Feb 24, 2004
  3. PMA
    Replies:
    1
    Views:
    373
    Jeroen V.
    Apr 25, 2006
  4. John  Brayton
    Replies:
    4
    Views:
    1,022
    Andrew Thompson
    Oct 21, 2006
  5. Replies:
    10
    Views:
    1,227
    =?ISO-8859-1?Q?Arne_Vajh=F8j?=
    Dec 29, 2006
Loading...

Share This Page