在java论坛上有一篇关于加密applet的帖子,如下:These steps describe the creation of a self-signed applet. This is useful for testing purposes. For use of public reachable applets, there will be needed a "real" certificate issued by an authority like VeriSign or Thawte. (See step 10 - no user will import and trust a self-signed applet from an unkown developer). The applet needs to run in the plugin, as only the plugin is platform- and browser-independent. And without this indepence, it makes no sense to use java... 1. Create your code for the applet as usual. It is not necessary to set any permissions or use security managers in the code. 2. Install JDK 1.3 Path for use of the following commands: [jdk 1.3 path]\bin\ (commands are keytool, jar, jarsigner) Password for the keystore is *any* password. Only Sun knows why... perhaps ;-) 3. Generate key: keytool -genkey -keyalg rsa -alias tstkey Enter keystore password: ******* What is your first and last name? [Unknown]: Your Name What is the name of your organizational unit? [Unknown]: YourUnit What is the name of your organization? [Unknown]: YourOrg What is the name of your City or Locality? [Unknown]: YourCity What is the name of your State or Province? [Unknown]: YS What is the two-letter country code for this unit? [Unknown]: US Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US correct? [no]: yes (wait...) Enter key password for tstkey (RETURN if same as keystore password): (press [enter]) 4. Export key: keytool -export -alias tstkey -file tstcert.crt Enter keystore password: ******* Certificate stored in file tstcert.crt 5. Create JAR: jar cvf tst.jar tst.class Add all classes used in your project by typing the classnames in the same line. added manifest adding: tst.class(in = 849) (out= 536)(deflated 36%) 6. Verify JAR: jar tvf tst.jar Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/ 68 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/MANIFEST.MF 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class 7. Sign JAR: jarsigner tst.jar tstkey Enter Passphrase for keystore: ******* 8. Verifiy Signing: jarsigner -verify -verbose -certs tst.jar 130 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/MANIFEST.MF 183 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.SF 920 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.RSA Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/ smk 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class X.509, CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US (tstkey) s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope jar verified. 9. Create HTML-File for use of the Applet by the Sun Plugin 1.3 (recommended to use HTML Converter Version 1.3) 10. Place a link to the .crt file (created in step 4) in the HTML-File. This .crt file has to be opened by the browser and has to be set to trusted, as the root CA for testing is not known to the browser. For use with "real" certificates, this step should not be necessary. I needed two long days, to find out these steps. As the documentation at Sun and other Sites is more confusing than clarifying (due to the hundreds of java, plugin and browser versions), i post the steps here. I hope that others may reach the goal in less time ;-) I'm working on Microsoft platforms and did not test the steps elsewhere. Reply to this message
to skyyoung(路人甲) 多谢! 以后多交流。to lmy2000(pluto) Thanks! I'll try it! when finished,I'll tell you the result as soon as possible!
在java论坛上有一篇关于加密applet的帖子,如下:These steps describe the creation of a self-signed applet. This is useful for testing purposes. For use of public reachable applets, there will be needed a "real" certificate issued by an authority like VeriSign or Thawte. (See step 10 - no user will import and trust a self-signed applet from an unkown developer). The applet needs to run in the plugin, as only the plugin is platform- and browser-independent. And without this indepence, it makes no sense to use java... 1. Create your code for the applet as usual.
It is not necessary to set any permissions or use security managers in
the code. 2. Install JDK 1.3
Path for use of the following commands: [jdk 1.3 path]\bin\
(commands are keytool, jar, jarsigner)
Password for the keystore is *any* password. Only Sun knows why...
perhaps ;-) 3. Generate key: keytool -genkey -keyalg rsa -alias tstkey
Enter keystore password: *******
What is your first and last name?
[Unknown]: Your Name
What is the name of your organizational unit?
[Unknown]: YourUnit
What is the name of your organization?
[Unknown]: YourOrg
What is the name of your City or Locality?
[Unknown]: YourCity
What is the name of your State or Province?
[Unknown]: YS
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
correct?
[no]: yes (wait...) Enter key password for tstkey
(RETURN if same as keystore password): (press [enter]) 4. Export key: keytool -export -alias tstkey -file tstcert.crt Enter keystore password: *******
Certificate stored in file tstcert.crt 5. Create JAR: jar cvf tst.jar tst.class
Add all classes used in your project by typing the classnames in the
same line. added manifest
adding: tst.class(in = 849) (out= 536)(deflated 36%) 6. Verify JAR: jar tvf tst.jar Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
68 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/MANIFEST.MF
849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class 7. Sign JAR: jarsigner tst.jar tstkey
Enter Passphrase for keystore: ******* 8. Verifiy Signing: jarsigner -verify -verbose -certs tst.jar 130 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/MANIFEST.MF
183 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.SF
920 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.RSA
Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/
smk 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class X.509, CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US
(tstkey) s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope jar verified. 9. Create HTML-File for use of the Applet by the Sun Plugin 1.3
(recommended to use HTML Converter Version 1.3) 10. Place a link to the .crt file (created in step 4) in the HTML-File.
This .crt file has to be opened by the browser and has to be set to
trusted,
as the root CA for testing is not known to the browser. For use with
"real" certificates, this step should not be necessary. I needed two long days, to find out these steps. As the documentation at Sun and other Sites is more confusing than clarifying (due to the hundreds of java, plugin and browser versions), i post the steps here. I hope that others may reach the goal in less time ;-) I'm working on Microsoft platforms and did not test the steps elsewhere. Reply to this message
多谢!
以后多交流。to lmy2000(pluto)
Thanks!
I'll try it!
when finished,I'll tell you the result as soon as possible!