Date: Wed, 26 Mar 1997 10:21:32 -0800
Message-Id: <199703261821.KAA13506@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: dharkey@email.sjsu.edu
Subject: Re: Signed Jar Files
Since this is for educational/noncommercial purposes, you can get the
entire source code for JDK 1.1 and see the steps that javakey is going
through. Please check out
http://java.sun.com/products/jdk/1.1/source.html
for more info on how to get the source. You need to sign and fax us a
copy of the licensing agreeement.
javakey is implemented by internal classes in sun.security.provider.
The main() is in sun.security.provider.Main. Once you have the
source release, look in
src/share/sun/sun/security/provider/Main.java.
Note that javakey and other tools are works in progress, and that
anything in the sun.* hierarchy is subject to change.
Other classes in the sun.* hierarchy that you might be interested in
are the classes that implement JAR, in sun.tools.jar, including
JarVerifierStream.java.
Marianne
> Date: Wed, 26 Mar 1997 09:57:32 -0800
> From: Dan Harkey <dharkey@email.sjsu.edu>
> Reply-To: dharkey@email.sjsu.edu
> Organization: San Jose State University
>
> For tutorial purposes I would like to show how the META-INF files are
> generated programatically in a signed Jar file. Assuming I have one
> signer called Duke, the files in the META-INF files created by the Jar
> and Javakey tools would be MANIFEST.MF, DUKE.SF, and DUKE.DSA. I
> understand how to create MANIFEST.MF and DUKE.SF but I'm confused about
> how DUKE.DSA is generated.
>
> According to the Manifest Format spec, DUKE.DSA is a signed version of
> DUKE.SF. What do I have to do to create this file programatically?
> It's apparently more than just running it through the Signature class.
> Are all of the classes I need to do this available to me or is Javakey
> using private classes to create the file?
>
> Thanks,
> Dan Harkey
>