From: charlie@angeles.eng.sun.com (Charlie Lai)
Message-Id: <199808191932.MAA22748@angeles.eng.sun.com>
Subject: signed applets
To: sujathaj@usa.net
Date: Wed, 19 Aug 1998 12:32:36 -0800 (PDT)
In-Reply-To: <19980813185748.6030.qmail@www06.netaddress.usa.net> from "sujathaj@usa.net" at Aug 13, 98 06:57:48 pm
hi,
many questions like this can be answered at
http://java.sun.com/security
also check out
http://java.sun.com/security/signExample
> How is an applet signed?
in 1.1, you can use javakey
http://java.sun.com/security/usingJavakey.html
in 1.2, you can use jarsigner
http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
> Does that mean the applet is harmless?
no, it simply means that you know who signed the applet,
and that it wasn't modified while you downloaded it.
> Does signing authority verify it?
no, the person who downloads and runs the applet verifies it.
> Do they sign the source code or .class file?
the .class file is signed.
thanks,
charlie