User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
Hello:
The boss has indicated that for one of our products, since it can
contact and obtain classes from other machines outside our local
networks, he would like some mechanism for verifying the authenticity of
the outside classes. We will provide the outside classes, but we want to
make sure that they don't get hacked/modified while sitting on machines
out of our control
I know little to nothing about security, but I have been looking into
signed jar files. I have been able to generate keys and sign the jar
files properly, but I either don't understand the limitations of this
process, or if it's much less sophisticated than I anticipated. I
created a program called "KeyToolTest.java", which just prints out a
message, and after creating the manifest file for the program and
compiling the program to a class file I generated keys (etc.) as follows:
keytool -genkey -keystore test.store
keytool -export -keystore test.store -alias test -file test.cert
jar cmf manifest KeyToolTest.jar KeyToolTest.class
jarsigner -keystore test.store KeyToolTest.jar test
What I thought would happen would be that if I copied the signed jar
file to another machine without any cert's or keystores installed on
it(in other words, the remote machine is oblivious to the fact that this
is a signed program), I assumed that the when the JVM was invoked it
would identify the file as signed, attempt to look for a cert, and then
either run the program if the key exists or throw a security exception
if it didn't. Since I did not transfer any stores or certs to the remote
machine, I anticipated that an attempt to execute the signed jar file
would fail. What happened instead was that the "foreign" machine (a Red
Hat Linux 9.0 w/JDK1.4.2) went ahead and ran the jar file without
complaining about anything. It didn't care that the program was signed
or not. Using "jar xvf KeyToolTest.jar" reveals that the META-INF
manifest file has been modified and as anticipated the we now have two
more files with a .DSA and a .SF extension.
I realize that I can verify that the file is signed via "jarsigner
-verify" prior to attempting to load foreign programs/classes, but I
really thought this securtiy mechanism would be much more sophisticated
and aggressive than this.
Am I doing something wrong or is this really how these certificates
work? We are not interested in paying money to Thawte or Verisign for
certificates at this time.
Thank you for your time.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden
