JAR Signing in JDK 1.1
- From: "Scott" <kidder.scott@xxxxxxxxx>
- Date: 15 Mar 2006 13:58:08 -0800
A project I'm working on is faced with a requirement that our Java
Applet and its associated resources be compatible with JDK 1.1, which
includes the Microsoft JVM. The Applet is packaged in a digitally
signed jar file using a verifiable certificate.
My question is: assuming that the client has accepted the certificate
used to sign the Applet jar, how can the Applet program force the user
to verify the digital signatures associated with additional resources
it may download to the client machine? These resources are streamed to
the client machine over a raw socket, and not downloaded using the
browser.
It is important that our Applet verify the integrity of any resources
it downloads to the client machine, and that the user be aware of the
identity of the producers of all resources it installs on the client
machine. Keep in mind that the solution must be compatible with JDK
1.1. Any help will be greatly appreciated, thanks!
--
Scott Kidder
.
- Prev by Date: Generating a MAC using a pre-shared key
- Next by Date: Re: Generating a MAC using a pre-shared key
- Previous by thread: Generating a MAC using a pre-shared key
- Next by thread: en-/decrypting files with java
- Index(es):
Relevant Pages
|
