
jarsigner

This is a utility for digitally signing JAR files. Once a JAR is signed, anyone looking at it can be sure of two things: first, the file was definitely prepared by the owner of the private key that matches the public key used to verify the signature;[29] and second, the JAR file has not been modified in any way since it was signed. In other words, depending upon the care with which the signer treats his/her private key, this certifies the authenticity and accuracy of the JAR file; you can trust it as much as you trust the signer.

29. A discussion of public/private keys as an authentication mechanism is beyond our scope here. As a shameless plug, Mr. Schwarz would like to point you to Chapter 10 of his previous book, Multitool Linux, which contains a beginner’s introduction to public key authentication using GnuPG. Of course, a quick Google search will find you many online descriptions that are free.

Generally speaking, an applet must be signed by a key that the user trusts in order for the applet to increase its security access to the client machine (open/read/write files, access the printer, and so on). But we don’t cover applets in this book.
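
The two guarantees described above for a signed JAR can be checked with the JDK's own tools. The script below is an added example, not taken from the book: it assumes keytool, jar and jarsigner are on the PATH, and the keystore name, the alias demo, the password and the file contents are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sign a JAR, verify it, then show that a change made after
# signing is caught. Keystore, alias, password and contents are constructed.
jar_sign_tamper_demo() {
    for tool in keytool jar jarsigner; do
        command -v "$tool" >/dev/null 2>&1 || { echo "JDK tool missing: $tool" >&2; return 3; }
    done
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        mkdir src && echo "original contents" > src/hello.txt
        jar cf app.jar -C src hello.txt || exit 1

        # Throwaway self-signed key pair; a real signer protects this private key.
        keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 \
            -dname "CN=Demo Signer" -validity 30 \
            -keystore demo.p12 -storetype PKCS12 -storepass changeit >/dev/null 2>&1 || exit 1

        # Sign in place: adds META-INF/DEMO.SF and META-INF/DEMO.RSA to the JAR.
        jarsigner -keystore demo.p12 -storepass changeit app.jar demo >/dev/null 2>&1 || exit 1

        # 1. The untouched signed JAR must verify.
        jarsigner -verify app.jar 2>&1 | grep -q "jar verified" || exit 1

        # 2. Replace one entry after signing; its recorded digest no longer matches.
        echo "tampered contents" > src/hello.txt
        jar uf app.jar -C src hello.txt || exit 1
        if jarsigner -verify app.jar 2>&1 | grep -q "jar verified"; then
            echo "tampered JAR still verified" >&2; exit 1
        fi
        echo "signed JAR verified; modified JAR rejected"
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Status 0: both checks behaved as described; 3: JDK tools not installed.
jar_sign_tamper_demo || echo "demo exit status: $?"
```

Because the key here is self-signed, the first verification succeeds with warnings about the certificate chain; whether to trust the signer is a separate decision from whether the signature is intact.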