数字签名
10 Steps to create a digital certificate and sign an applet
27-jul-00 : 5:17 :irene67
These steps describe the creation of a self-signed applet. This is useful for testing purposes. For use of public reachable applets, there will be needed a "real" certificate issued by an authority like VeriSign or Thawte. (See step 10 - no user will import and trust a self-signed applet from an unkown developer).
The applet needs to run in the plugin, as only the plugin is platform- and browser-independent. And without this indepence, it makes no sense to use java...
1. Create your code for the applet as usual. It is not necessary to set any permissions or use security managers in the code.
2. Install JDK 1.3 Path for use of the following commands: [jdk 1.3 path]\bin\ (commands are keytool, jar, jarsigner) Password for the keystore is *any* password. Only Sun knows why... perhaps ;-)
我装的是jdk1.2,ie5.5,java plugin 1.2,同样可行.
3. Generate key: keytool -genkey -alias tstkey Enter keystore password: ******* What is your first and last name? [Unknown]: Your Name What is the name of your organizational unit? [Unknown]: YourUnit What is the name of your organization? [Unknown]: YourOrg What is the name of your City or Locality? [Unknown]: YourCity What is the name of your State or Province? [Unknown]: YS What is the two-letter country code for this unit? [Unknown]: US Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US correct? [no]: yes
(wait...)
Enter key password for tstkey (RETURN if same as keystore password):
s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope
jar verified.
9. Create HTML-File for use of the Applet by the Sun Plugin 1.3 (recommended to use HTML Converter Version 1.3)
10. Place a link to the .crt file (created in step 4) in the HTML-File. This .crt file has to be opened by the browser and has to be set to trusted, as the root CA for testing is not known to the browser. For use with "real" certificates, this step should not be necessary.