The Java™ Tutorial

Trail: Security in JDK 1.2

Lesson: Signing Code and Granting It Permissions

This lesson illustrates the use of the security-related tools (keytool, jarsigner, and Policy Tool). It also shows how to use the jar tool to place files in JAR (Java ARchive) files for subsequent signing by the jarsigner tool.

In this lesson you first execute steps to create an application, put it in a JAR file, sign the JAR file, and export the public key certificate corresponding to the private key used to sign the JAR file. For convenience, you pretend to be Susan Jones, and you supply information about her when you generate the keys.

Then you act as the recipient of the signed JAR file and the certificate. For convenience, you pretend to be Ray. You see how the signed application cannot normally read a file when it is run under a security manager. Then you use keytool to import the certificate into Ray's keystore in an entry aliased by susan, and the Policy Tool to create an entry in Ray's policy file to permit code signed by susan to read the specified file. Finally, you see how the application running under a security manager can now read the file, since it has been granted permission to do so.

For further information about digital signatures, certificates, keystores, and the tools, see the API and Tools Use for Secure Code and File Exchanges lesson (in the Java Security 1.2 trail).


Important Note: You need to do everything in this lesson while working in the directory in which you store the sample application, but you should store the data file needed by the application in a different directory. All of the examples assume that you are working in the C:\Test directory, and that the data file is in the C:\TestData directory. If you are working on a UNIX system, substitute your own directory names.
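The flow outlined above, from signing as Susan to granting permission as Ray, written out as commands. This is an added example, not the tutorial's own listing; the file names (Count.class, susanstore, raystore, SusanJones.cer, raypolicy), the signFiles alias, the data file path and the assumption that Count takes that path as its argument are all illustrative, with a UNIX path standing in for C:\TestData.

```shell
#!/bin/sh
# Added example. Assumed names: Count.class, susanstore, raystore,
# SusanJones.cer, raypolicy, alias signFiles, and the data file path.
set -eu
DATA_FILE="${DATA_FILE:-/home/ray/TestData/data}"  # stands in for C:\TestData

# Susan: package the class, create a key pair, sign, export the certificate.
susan_sign() {
    jar cvf Count.jar Count.class
    keytool -genkey -alias signFiles -keyalg RSA -keystore susanstore
    jarsigner -keystore susanstore -signedjar sCount.jar Count.jar signFiles
    keytool -export -keystore susanstore -alias signFiles -file SusanJones.cer
}

# Ray: check the signature and the certificate fingerprint (compare it with
# Susan over a separate channel), then trust the certificate as "susan".
ray_import() {
    jarsigner -verify sCount.jar
    keytool -printcert -file SusanJones.cer
    keytool -import -alias susan -file SusanJones.cer -keystore raystore
}

# Ray: the grant the Policy Tool step produces, written directly.
# $1 = policy file to write, $2 = the one file the signed code may read.
write_policy() {
    cat > "$1" <<EOF
keystore "raystore";

grant signedBy "susan" {
    permission java.io.FilePermission "$2", "read";
};
EOF
}

# Ray: run under a security manager with the default policy plus ours.
# The -Djava.security.manager option needs a JDK older than 24.
ray_run() {
    java -Djava.security.manager -Djava.security.policy=raypolicy \
         -cp sCount.jar Count "$DATA_FILE"
}

case "${1:-}" in
    susan) susan_sign ;;
    ray)   ray_import; write_policy raypolicy "$DATA_FILE"; ray_run ;;
esac
```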

Here are the steps:

