Date: Mon, 15 Dec 1997 09:30:30 -0800 (PST)
From: Gigi Ankeny <Gigi.Ankeny@Eng>
Subject: Re: creates a Duke identity, keys, certificate, then creates an archive and signs it.
To: java-security@web2.javasoft.com, jorendt@ozemail.com.au
John,
If you are using JDK1.1.4 or earlier version, there is a bug in javakey
that might have caused the problem when you try to generate the signed
jar file.
JDK1.1.5 is available now on line. You could get the updated version which
has the bug fix.
Hope that helps.
Gigi
>
> Hi
>
> Thanks for your Netscape and IE URLs regarding applet security.
>
> Now, I'm trying to follow the example on
>
> http://java.sun.com/security/signExample/doit on a PC
>
> which follows:
>
> #! /bin/csh
>
> # Step 1. Create the Duke identity, as a trusted identity
>
> javakey -cs Duke true
>
> # Step 2. Generate a keypair for Duke, and store the public key in a file
> named
> # Duke_pub and the private key in a file named Duke_priv
>
> javakey -gk Duke DSA 512 Duke_pub Duke_priv
>
> # Step 3. Generate an x509 certificate for Duke, and store it in the file
> # named Duke.x509. This output file name is given in the directive file
> # named cert_directive_Duke.
>
> javakey -gc cert_directive_Duke
>
> # Step 4. Create the archive.
>
> ***** John notes that one must also: javac writeFile.java to get
> writeFile.class
>
> jar cf signedWriteFile.jar writeFile.class writeFile.html
>
> # Step 5. Sign the archive, using the parameters given in
> sign_directive_Duke.
>
> javakey -gs sign_directive_Duke signedWriteFile.jar
>
> # Step 6. Move the signed archive to a file suffixed in .jar.
>
> mv signedWriteFile.jar.sig signedWriteFile.jar
>
> # Step 7. Show the contents of the signed archive.
>
> echo " "
> echo "Contents of the archive are: "
> jar tvf signedWriteFile.jar
>
> # Step 8 . Show the contents of the identity database.
>
> echo " "
> echo "Contents of the identity database are: "
> javakey -ld
>
>
> ------------------------------------------------------------------
>
> now here is my dos version of the same
>
> javakey -cs Duke true
> javakey -gk Duke DSA 512 Duke_pub Duke_priv
> javakey -gc cert_directive_Duke
> javac writeFile.java
> jar cf signedWriteFile.jar writeFile.class writeFile.html
> javakey -gs sign_directive_Duke signedWriteFile.jar
> del signedWriteFile.jar
> rename signedWriteFile.jar.sig signedWriteFile.jar
> jar tvf signedWriteFile.jar
>
> rem This process all seemed to work fine.
>
> rem until
>
> appletviewer signedWriteFile.html
>
> rem which for me generated a security exception
>
> -------------------------------------------------------
>
> do I need a signature from a cerifiying authority?
>
> Best
>
> John
>
>
>
>
>
>
> John Orendt jorendt@ozemail.com.au Sydney NSW Australia
> Check out my home page: http://www.ozemail.com.au/~jorendt/
> Home 61-2-9981-5890 Mobile 61-411-348700 PGP aware
>
> John Orendt jorendt@ozemail.com.au Sydney NSW Australia
> Check out my home page: http://www.ozemail.com.au/~jorendt
> Home 61-2-9981-5890 Mobile 61-411-348700 PGP Aware
>
>
===============================================================
( Gigi Ankeny
( ( JavaSoft Security Group Engineer
------
( Java )= 408-8633135
------ gigi.ankeny@eng.sun.com
http://www-cs-students.stanford.edu/~gigi
================================================================