ask a question about signed applet

gonghua (gonghua@online.sh.cn)
Mon, 24 May 1999 09:33:14 +0800

Date: Mon, 24 May 1999 09:33:14 +0800
From: gonghua <gonghua@online.sh.cn>
To: java-security@java.sun.com
Subject: ask a question about signed applet

Hi:

I am a java programer, I want to write applet that can do action to
native file,
so I used the signed applet, when I use the example of
http://java.sun.com/security/signExample/sitnedWriteFile.html ,it runs
well,but when I build the signed jar by myself.It does not work. I want
to know what 's wrong with my action, or Do I need something else such
as CA to do this action.
I am eager to get your help ,thanks a lot.

gonghua gonghua@online.sh.cn

******************************************************************************************

here attach the action step:

javakey -cs bbbb true
javakey -gk bbbb DSA 512 bbbb_pub bbbb_priv
javakey -gc cert.txt
javakey -gs sign.txt signedWriteFile.jar
del signedWriteFile.jar
mv signedWriteFile.jar.sig signedWriteFile.jar

************************
the os type NT4.0
the jdk version 1.1.4
the webserver NT IIS

************************
the cert.txt file:
# This is a sample certificate directive file.

# the id of the signer
issuer.name=bbbb

# the cert to use for the signing
issuer.cert=1

# the id of the subject
subject.name=bbbb

# the components of the X500 name for the subject
subject.real.name=bbbb
subject.org.unit=JavaSoft
subject.org=Sun MicroSystems
subject.country=US

# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).
start.date=7 Apr 1998
end.date=6 Apr 2002
serial.number=1001
out.file=bbbb.x509

************************
the signed txt:
# Jar signing directive. This is the directive file used by javakey to
# sign a jar file.

# Which signer to use. This must be in the system's database.
signer=bbbb

# Cert number to use for this signer. This determines which
# certificate will be included in the PKCS7 block. This is mandatory
# and is 1 based.
cert=1

# Cert chain depth of a chain of certificate to include. This is
# currently not supported.
chain=0

# The name to give to the signature file and associated signature
# block. (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8
# characters or less.
signature.file=bbbbsig

************************
the javakey -ld output:

Scope: sun.security.IdentityDatabase, source file:
d:\jdk1.1.4\bin\..\identitydb.obj

[Signer]bbbb[identitydb.obj][trusted]
public and private keys initialized
certificates:
certificate 1 for : CN=bbbb, OU="JavaSoft ", O=Sun
MicroSystems, C=US
from : CN=bbbb, OU="JavaSoft ", O=Sun
MicroSystems, C=US

No further information available.

*************************
C:\gonghua\work5>jar tvf signedWriteFile.jar
292 Fri May 21 03:45:46 GMT+00:00 1999 META-INF/MANIFEST.MF
293 Fri May 21 09:18:24 GMT+00:00 1999 META-INF\BBBBSIG.SF
1026 Fri May 21 09:18:24 GMT+00:00 1999 META-INF\BBBBSIG.DSA
1777 Fri May 21 02:45:52 GMT+00:00 1999 writeFile.class
740 Thu May 20 04:17:04 GMT+00:00 1999 writeFile.html