Date: Tue, 22 Jul 1997 17:37:21 -0700 (PDT)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: class encryption
To: java-security@web2.javasoft.com, reast@esri.com
------------- Begin Forwarded Message -------------
Date: Tue, 22 Jul 1997 16:53:09 -0700
From: Mailer-Daemon@doppio (Mail Delivery Subsystem)
Subject: Returned mail: User unknown
To: <Jan.Luehe@Eng>
The original message was received at Tue, 22 Jul 1997 16:52:51 -0700
from engmail1 [129.146.1.13]
----- The following addresses had delivery problems -----
java-security-external (unrecoverable error)
(Sending this again, previous mail bounced)
Russell:
> is there any concept of Java class code encryption?
> Does a digital signature provide this within a JAR file?
> -- Russell
Currently, we only support Signed JAR files, which protect the
integrity and authenticity (but not the confidentiality!)
of JAVA class files, using digital signatures. The digital
signature information is stored as part of the JAR file,
in a so-called signature block file, using the PKCS#7 data format.
PKCS#7 defines many different data types. For signed JAR files,
we use the "signedData" type.
If you used the "envelopedData" or "encryptedData" data types within
PKCS#7, you might be able to implement Encrypted JAR Files,
where a user would have to provide a secret passphrase in order to
recover the classes provided in the JAR file. We have not implemented
Encrypted JAR files yet, but it seems pretty straight-forward.
Hope this helps!
Jan