JAR Signing

Sven M. Resch (sven@bc.sympatico.ca)
Fri, 18 Sep 1998 20:26:20 -0700

Hi There.

The company I work for recently purchased Class 3 certificates from
VeriSign for MS Authenticode and Netscape Object signing. These certs
consist of a .spc & .pvk file for signing a CAB file, and a .p12 file for
signing a JAR for Netscape.

>From what I've read on your WEB site, the signing of a JAR for use by Java
Plug-In seems easy enough. But what I am not sure of is if in order to be
authenticated by a client machine, that the only way that this works is for
the client to install an .obj file locally.

This seems like a real draw back on an enterprises intranet... which is
where I plan on deploying an application that uses Java Plug-In. Can I not
use an authenticated certificate from a company like VeriSign to sign the
JAR and accomplish the security process transparently for users?

Thanks in advance.

Sven.
______________________________________________
sven m. resch
java engineer, avue technologies corp
+ email: sven@bc.sympatico.ca
& web: http://www.avuetech.com/
( voice: 250.592.2030 1 fax: 253.573.1876