Implementation method of Applet digital signature under Java2

The specific implementation method of Applet digital signature under Java2. My project is to use APPLET to create a real-time message queue monitoring program. Since local resources are involved, APPLET must be digitally signed and authenticated. The environment I use is WINDOWS2000, the application server is WEBLOGIC6.0, and the development environment is JBUILDER4.0. Before, I reminded everyone to pay attention to the concepts of server and client. Those files should be on the server side, and those files should be on the client side.

First use JRE1.3.0_01 (JAVA running environment version 1.3.0.1) on the client to replace IE's JVM (JAVA virtual machine). You can download it from the www.JAVA.SUN.COM website. Well, first install it on the client. The installation process is very simple.

It also needs to be included in the HTML file that calls APPLET on the server side, so that clients that do not have JRE installed in advance can download it. For the specific writing method, please read below;

The specific steps are as follows:

Server side:

1. Unzip all the various package files that the program needs to use (I want to use the JMS package of WEBLOGIC here using the command jar xf weblogicc.jar), and then use the JDK packaging command to combine the compiled monitoring program .class and the package just decompressed Packed together into one package. (The premise is that I have placed the monitoring program and the unpacked package in the same directory). They are all commands in dos state. For specific commands, see the bin directory of jdk1.3 (1.2).

The command is as follows:

jar cvf monitor.jar *.class

This command generates a package named monitor.jar

2. Create keystore and keys for the package file (monitor.jar) just created. Among them, the keystore will be used to store the authentication keys (private keys) and public keys. The alias alias is taken as monitor here.

The command is as follows:

keytool -genkey -keystore monitor.keystore –alias monitor

This command generates a keystore file named monitor.keystore, and then With this command, the system will ask you a lot of questions, such as your company name, your address, the password you want to set, etc. You can write them all casually.

3. Use the key just generated to sign the jar file

The command is as follows:

jarsigner -keystore monitor.keystore monitor.jar monitor

This command will monitor .jar files are signed and no new files will be generated.

4． Import the public key into a cer file. This cer file is the only file to be copied to the client.

The command is as follows:

keytool -export -keystore monitor.keystore -alias monitor -file monitor.cer

This command will generate the monitor.cer certification file , of course, these steps may ask you for the password you just set. This completes the server-side setup.

At this time, you can copy the jar file, keystore file and cer file (in my case, monitor.jar, monitor.keystore, monitor.cer) to the directory of the server. I use weblogic6.0, so I copy it to C:\bea\wlserver6.0\config\mydomain\applications\DefaultWebApp_myserver under a directory you created.

Client:

1. First you should install jre1.3.0_01, and then copy the monitor.cer file generated by the server to the specific directory of jre. Here is:

c:\program files\javasoft\jre\1.3.0_01 \lib\security directory.

2. Pour the public key into jre's cacerts (this is jre's default keystore)

The command is as follows:

keytool -import -alias monitor -file monitor.cer

p>

-keystore cacerts

Note that the password you are asked to enter here is the cacerts password, which should be changeit, not the keystore password you set yourself.

3. Modify the policy policy file and use the command policytool in the dos state.

The system will automatically pop up a policytool dialog box, as shown in Figure 4. Here, first select the open item of the file menu and open c:\ program files\javasoft\jre\1.3.0_01\lib\security directory, then select Change keystore in the edit menu, and enter new keystore url: in the dialog box

file: /c：/program files /javasoft/jre/1.3.0_01/lib/security/cacerts, pay attention to the backslash here, enter JKS in the new keystore type, this is the fixed format of cacerts, and then click Add Policy Entry, Enter CodeBase in the dialog box that appears:

/advance/520330.html