
How can I set the publisher name in my signed jar file, using a self-signed certificate?

I've compiled my applet, created a jar file, generated a keystore db with keytool, signed the jar with jarsigner, and exported the public key cert with keytool.

Now when I run my applet in the browser it does work, after prompting me if I'm sure I want it to run.

The problem is it says "Publisher: UNKNOWN" in the box. Is there any way I can set that to my alias, since I coded the applet?

Steven Colgrove asked May 22 '11 06:05




1 Answer

A 'self signed' certificate is not worth the bits it is written on. If you can make a certificate that claims it is you, I can just as easily forge one.

That is why the JRE lists the publisher as 'unknown'. It does not matter who they claim to be, it is ignored unless the certificate has been verified by a trusted authority.

Andrew Thompson answered Sep 27 '22 03:09
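The check the answer describes can be reproduced outside the browser. The following is an added example, not code from the question or the answer: it verifies a signed JAR and prints a publisher name only when the signer's certificate chain validates against a trusted CA. The class name `JarPublisherCheck` is hypothetical, and it assumes the JRE's default trust store (`cacerts`) as the set of trusted authorities, which approximates the plug-in's decision rather than reproducing it exactly.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import java.util.jar.*;
import javax.net.ssl.*;

// Added illustration (hypothetical class): usage is `java JarPublisherCheck applet.jar`
public class JarPublisherCheck {
    // Returns the signer's subject name only if its chain reaches a trusted CA.
    static String publisher(CodeSigner signer, Set<TrustAnchor> anchors) throws Exception {
        CertPath path = signer.getSignerCertPath();
        X509Certificate leaf = (X509Certificate) path.getCertificates().get(0);
        String claimed = leaf.getSubjectX500Principal().getName();
        boolean selfSigned = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // offline: chain and validity checks only
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return claimed;
        } catch (CertPathValidatorException e) {
            // The claimed name is ignored because nobody trusted vouches for it.
            return "UNKNOWN (claimed: " + claimed + ", self-signed: " + selfSigned + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) throw new IllegalArgumentException("usage: JarPublisherCheck <jar>");
        // Assumption: the JRE default trust store (cacerts) is the trusted set.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager)
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers())
                    anchors.add(new TrustAnchor(ca, null));

        try (JarFile jar = new JarFile(args[0], true)) { // true = verify signatures
            byte[] buf = new byte[8192];
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* signers are set only after a full read */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) { System.out.println(entry.getName() + ": unsigned"); continue; }
                for (CodeSigner s : signers)
                    System.out.println(entry.getName() + ": Publisher: " + publisher(s, anchors));
            }
        }
    }
}
```

For a JAR signed with a key generated by `keytool` alone, every entry reports `UNKNOWN` with `self-signed: true`, because the certificate's issuer is its own subject and is not among the trust anchors.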