Signing Java code using JDK 1.1.8
To digitally sign Java code for Macintosh OS 9 one needs to use
self-signed certificates and the JDK 1.1 signing system. This page
describes how to do this signing on Windows.
It is possible to do the signing on a Macintosh, though some have
to work. This page focuses on Windows since many Java developers use
Windows as their development environment.
To follow this procedure you need Sun's JDK 1.1.8 or IBM's JDK 1.1.8.
Sun's version is more easily available, but it crashes on Windows XP.
Here are cookbook instructions for creating certificates and signing
using generic names and choices:
Create new signer MySignerName using javakey.exe from JDK 1.1.8 and
declare the signer to be trusted:
javakey -cs MySignerName true
Create public key mypub.pub and private key mypvt.pvt using MySignerName
signer (this takes about 30 seconds):
javakey -gk MySignerName DSA 512 mypub.pub mypvt.pvt
Check what numbers javakey assigns to certificates (for first
certificate none will be there, meaning you will start issuer.cert below
with the number 1). Test this using:
Create certificate directive file certdirective.txt with the following
content (issuer.name and subject.name need to be the same for a
self-signed certificate, issuer.cert needs to count from previous
certificates, starting from 1):
subject.org.unit=Secure Web Development
start.date=20 Nov 2003
end.date=20 Nov 2009
Use certdirective.txt to create a certificate (this takes a few
javakey -gc certdirective.txt
Display the certificate using:
javakey -dc mycert.cer
Verify that there is now a certificate using:
Create JAR directive file MyJarDirective.txt with the following contents
(where cert is the number previously assigned, starting with 1 for the
A file named identitydb.obj is created (the location is different using
JDKs from different companies).
Create the JAR file as follows:
"c:\Program Files\jdk118\bin\jar.exe" -cf Unsigned.jar H netscape\security\*.class
where notation for various files to be encoded is included, including
files in package H, stubs for Netscape security classes called by the
code, and data files with extension *.stf
- Sign the JAR files as follows:
"c:\Program Files\jdk118\bin\javakey.exe" -gs MyJarDirective.txt
This is very cookbook but it should work and allow you to get started.
For those interested platforms where real certificates can be used,
Thawte has some step-by-step
that are helpful but not always complete. For OS X one can use Java 2
signing; one can also use Netscape signing for Java 1 code running on OS X.
If you comments or suggestions please contact Mickey
Segal. A listing of many Java resources is at this link.