Signing JAR Files

 
Ranch Hand
Posts: 200
Hi,
I want to know what is the purpose of signing the jar files? For example: if I want to send my files to my client/whoever it is, instead of sending all the files separately, we are compressing and sending as a single Jar file just like Zip file(?).

Signing the Jar file is like zipping the file with password protection?
What is the purpose of verification?
Please clarify my doubts. I have read the Sun site for Jaring, but I am confused.
 
Rancher
Posts: 43081
No, signing has nothing to do with password protection. During signing a digital certificate is applied to the jar file (your certificate in this case). It essentially tells the user: This file was created by Mark Henryson, it has not been tampered with since he created it, and Mark vouches for the file contents. Seeing your certificate, users who know you would presumably have a better feeling about using the file.

Signing a jar file is often used with applets, in order to get around the restrictions that browsers generally place on their execution. If the user accepts an applet's certificate, then the security restrictions no longer apply.
 
Mark Henryson
Ranch Hand
Posts: 200
Thanks for your prompt reply.
But I have one doubt, how will the user/client uniquely identify, whether this jar has been written by Mark(Henryson). Since the user can get the jars from another Mark(Taylor) also.
 
Ulf Dittmer
Rancher
Posts: 43081
The certificate includes your full name, location and organization, so it's unlikely that someone else would have the same information in their certificate.
 
 
Java Cowboy
Posts: 16084
You get (or rather, you buy) an official certificate from a trusted third party, for example a company like Verisign. Verisign tells the client "This is Mark Henryson's certificate and we guarantee you that it is an official certificate that has not been tampered with".

You can also generate your own certificate with the tools in the JDK, but of course that's not very useful for real purposes, because the client has no reason to believe your certificate is trustworthy if you generate it yourself.
[ October 31, 2006: Message edited by: Jesper Young ]
 