Securing Java

Previous Page
Previous Page
How to Sign Java Code Next Page
Next Page

This tutorial was put together by John Viega and Tom O'Connor, both research associates at Reliable Software Technologies. The four major sections each describe a separate vendor's code-signing tools, including:

  • Netscape's Object Signing
  • Microsoft's Authenticode
  • Sun's JDK 1.1 Code Signing
  • Sun's Java 2 Code Signing
Some of the tools are tricky to figure out and use. This tutorial should help.

Before you dig into this tutorial, you should read Chapter 3, "Beyond the Sandbox: Signed Code and Java 2," which discusses the major impact that signed code has on the Java security architecture. Of special interest are the sections entitled Signed Code (see page 88) and Trust (see page 92). The material there discusses the notions of trust, digital signatures, and certificate authorities.

Appendix C Sections
  1. Signing Classes with the Netscape Object Signing Tool
  2. Signing Java Applets with Microsoft's Authenticode
  3. Comparing Authenticode to Netscape Object Signing
  4. Signing Code with Sun's JDK 1.1.x
  5. Differences Between Netscape Object Signing and JDK 1.1.x javakey
  6. Signing Code with Sun's Java 2
  7. Differences between JDK 1.1 Code Signing and Java 2 Code Signing
  8. In Conclusion

Previous Page
Previous Page

The Web

Next Page
Next Page

Menu Map -- Text links below

Chapter... Preface -- 1 -- 2 -- 3 -- 4 -- 5 -- 6 -- 7 -- 8 -- 9 -- A -- B -- C -- Refs
Front -- Contents -- Help

Copyright ©1999 Gary McGraw and Edward Felten.
All rights reserved.
Published by John Wiley & Sons, Inc.