[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-ssl] [iaik-jce] Applet Signing Using Keys Stored in HSM

-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at [mailto:iaik-jce-owner@iaik.tu-graz.ac.at]On Behalf Of Nick Kramer
Sent: Tuesday, January 08, 2002 3:54 PM
To: iaik-jce@iaik.at; iaik-ssl@iaik.at
Subject: [iaik-jce] Applet Signing Using Keys Stored in HSM

Hi all,
  I know how to use different java tools like jarsigner, keytool etc to sign general jar files and java applets too. But i want to do it in my application, i mean using my own application interface, using different functions at back end. Also i want to use Keys generated in HSM. Is it something different from simple file signing? Where does the signature go ? Any difference in contents of applet jar file? I have seen few examples but there does not look  any difference. How to  
hi Nick,
you can find the JAR specification at http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html. but it is quite tricky to implement a JAR signing tool solely with this documentation.
in principle, a signed JAR contains (at least) two more files than an unsigned version of the same JAR - a myKey.sf and a myKey.rsa. the .sf file is something like a manifest of the manifest and the .rsa file is a PKCS#7 signature file with the signer's certificate in it. the (external) signed data of the PKCS#7 signature is the .sf file.
however, all i said is only valid for SUN's Java plug-in. if you run the applet with a browser VM you need a different format. there is a signing tool for Internet Explorer and one for Netscape. they use different formats. great fun, itsn't it? :-(
 deploy signed applets and how to use when they are downloaded. I know i have asked many questions but i am looking forward for your kind response. 
we are looking forward for a big order ;-)


Karl Scheibelhofer, <mailto:Karl.Scheibelhofer@iaik.at>
Institute for Applied Information Processing and Communications (IAIK)
at Graz University of Technology , Austria, http://www.iaik.at and http://jcewww.iaik.at
Phone: (+43) (316) 873-5540

Nick Karamer