Previous | Next | Trail Map | Security in JDK 1.2  | Contents

Signing Code and Granting It Permissions

This lesson illustrates the use of all the security-related tools (keytool, jarsigner, and policytool). It also shows use of the jar tool to place files in JAR (Java ARchive) files for subsequent signing by the jarsigner tool.

In this lesson, you first execute steps to create an application, put it in a JAR file, sign the JAR file, and export the public key certificate corresponding to the private key used to sign the JAR file. For the convenience of the lesson, you pretend to be someone named "Susan Jones" and you supply information about her when you generate the keys.

Then you act as a person who has received the signed JAR file and the certificate. For the convenience of the examples, in this case you pretend to be someone named "Ray". You see how the signed application cannot normally read a file when it is run under a security manager. Then you use keytool to import the certificate into Ray's keystore in an entry aliased by "susan", and the Policy Tool to create an entry in Ray's policy file to permit code signed by "susan" to read the specified file. Finally, you see how the application running under a security manager can now read the file, since it has been granted permission to do so.

For further information regarding digital signatures, certificates, keystores, and the tools, see the API and Tools Use for Secure Code and File Exchanges lesson (in the Java Security 1.2 trail).


Note regarding directories used by this lesson: You need to do everything in this lesson while working in the same directory as the one in which you store the sample application, but you should store the data file needed by the application in a different directory.

All the examples assume you are working in the C:\Test directory, and the data file is in the C:\TestData directory. If you are working on a Solaris system, substitute your own directory names for these.
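
The two halves of the procedure described above, sketched as a Windows command sequence. This is an added example, not the lesson's own listing: the application, JAR, keystore, key-alias, certificate, policy and data file names are placeholders (only the alias "susan" and the two directories come from the text), and the `jarsigner -verify` and `keytool -printcert` checks are additions.

```bat
REM Added example. Placeholder names: ExampleApp, example.jar, signed-example.jar,
REM susanstore, signkey, susan.cer, raystore, raypolicy, data.txt.
REM Run everything from C:\Test; the data file lives in C:\TestData.

REM --- Acting as Susan Jones: build, package, sign, export the certificate ---
javac ExampleApp.java
jar cvf example.jar ExampleApp.class
REM Prompts for passwords and the distinguished-name fields (Susan's details).
keytool -genkey -alias signkey -keystore susanstore
REM Sign with the private key; the signed copy is written to a new JAR.
jarsigner -keystore susanstore -signedjar signed-example.jar example.jar signkey
REM Export only the public key certificate; the private key stays in susanstore.
keytool -export -keystore susanstore -alias signkey -file susan.cer

REM --- Acting as Ray: has received signed-example.jar and susan.cer ---
REM Check that the JAR's signature and contents are intact.
jarsigner -verify signed-example.jar
REM Under a security manager with no grant, the read is refused
REM (java.security.AccessControlException).
java -Djava.security.manager -cp signed-example.jar ExampleApp C:\TestData\data.txt

REM Print the certificate fingerprints and compare them with Susan through a
REM separate channel before trusting the certificate.
keytool -printcert -file susan.cer
keytool -import -alias susan -file susan.cer -keystore raystore

REM The policy file (raypolicy, created with policytool) then holds an entry like:
REM   keystore "file:/C:/Test/raystore";
REM   grant signedBy "susan" {
REM     permission java.io.FilePermission "C:\\TestData\\data.txt", "read";
REM   };
REM The grant is scoped to one file and one action, not to the whole directory.

REM With the policy in effect, the same command can now read the file.
java -Djava.security.manager -Djava.security.policy=raypolicy -cp signed-example.jar ExampleApp C:\TestData\data.txt
```

Current JDKs name the keytool commands `-genkeypair`, `-exportcert` and `-importcert`, and the Security Manager this procedure relies on has been deprecated for removal since Java 17 (JEP 411).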


Here are the steps:

