To: java-security@java.sun.com
Message-Id: <005e01bda44b$4b28a7e0$46265c87@atlantis.hr-firewalls.lucent.com>
From: "Jatinder Bali" <jbali@lucent.com>
Subject: Clients and certificates ...
Date: Tue, 30 Jun 1998 13:19:51 -0400
This is a multi-part message in MIME format.
------=_NextPart_000_005B_01BDA429.C3673FE0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello,
=20
I have a basic question on signatures in 1.1.=20
=20
How do I protect clients from modifying license files signed by me. I =
need access to these files so that I can verify when it expires, etc ... =
and I also need a way to verify the signature on these files. Since my =
program is 100% java they can easily decompile it, change the public =
key, generate a new signature and hence modify the license file to =
whatever they please or simple bypass the code that checks the =
signatures.
=20
The basic problem here is that everything in Java is decompilable =
including appletviewer and javakey. Obfuscation helps but there are a =
lot of smart guys who can modify it in minutes.
=20
In "C" or "C++" it is fairly less obvious on how to do this. What is the =
equivalent security in Java. I cannot use a "C" or "C++" wrapper unless =
I have a "C" or "C++" implementation of the certificate/keys etc.
=20
I would appreciate any help.
=20
Thanks,
Jatinder
=20
=20
------=_NextPart_000_005B_01BDA429.C3673FE0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">