|
To access the contents, click the chapter and section titles.
Platinum Edition Using HTML 4, XML, and Java 1.2
The simplest way to use jarsigner is to type jarsigner MyJarFile.jar In this case jarsigner will use the default keystore (.keystore in your home directory) and will prompt you for the passwords to the keystore and the password. jarsigner will also use the default alias, mykey. The output will be written to the file named MyJarFile.jar, overwriting the original file. You can specify more information on the command line: jarsigner -keystore C:\JDK\projects\.keystore -signedjar ⇒MySignedJarFile.jar MyJarFile.jar mike tells jarsigner to sign the file MyJarFile.jar by using the certificate associated with the alias mike. The keystore is located at C:\JDK\projects\.keystore. The output is written to MySignedJarFile.jar, and the original file (MyJarFile.jar) is left unchanged.
Working with Encryption from Inside Your ProgramYou can write Java to do everything weve just done from the command line. Look at the documentation in java.security and its subpackages, java.security.cert, java.security.interfaces, and java.security.spec. These packages provide you with such classes as KeyPairGenerator, Signature, and MessageDigest, and the interface Key. You can read more about the new JDK 1.2 security architecture in your JDK documentation at docs/guide/security/spec/security-spec.doc.html. You can also get detailed information about using the jar and javakey tools in the JDK 1.2 documentation.
Open Issues on SecurityIn the case of Java, the security is only as good as its runtime implementation. Holes have been found and fixed in various implementations, but these same issues may arise again in future implementations as Java is ported to other platforms. After all, each version of the JVM needs to be written in a platform-specific programming language, such as C, and can have its own flaws and weaknesses. Aside from that, many types of malicious behavior are difficult (if not impossible) to avoid. No matter what is done to the Java security model, for instance, it will not stop someone from putting rude or obscene material in an applet or starting long, resource-intensive processes. Such actions are not defects but will continue to be nuisances. For links to and discussions of current problems and a chronology of security-related bugs, see the Java Security FAQ at http://java.sun.com/sfaq/index.html. Every implementation of Java has its own open issues, and Suns is no exception. The best thing to do is to keep on top of the issues for the implementation you are using. Further References on Java and SecurityThe following references can help you keep up with the changing world of Java security. It is by no means a comprehensive list, but it should get you started on researching the topic further and give you some valuable starting places from which to continue your research.
|
Products | Contact Us | About Us | Privacy | Ad Info | Home
Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. |