Is it possible to digitally sign a jar file that will be used to install CF in WebSphere?
I am currently working for a contractor for the DoD. We are maintaining a project that uses CF installed as an application through WebSphere. We are currently going through a security checklist and being asked to provide evidence that the CF application has a digital signature. From what we can gather they are looking to see that the jar file installed into WebSphere is digitally signed. We have reached out to IBM, and have received a response that digital signatures are recognized by WebSphere.
Unfortunately, it seems that those that are looking for the evidence do not know much more than what the checklist requirement states. They cannot provide more details or expand on what they need. Any assistance or advice in this matter would be appreciated.
Thanks,
Masterkeedu wrote: !! It worked.
Congratulations. :-)
Masterkeedu wrote: So it's not certified, but is signed.
So as I understand this, it means the end-user has no way to know it was me that truly signed it. But relies on their common sense I suppose.
That is correct. The CA has verified, and is certifying, that you are who you claim to be. If you or I use a 'self signed' certificate, it does not carry the same level of trust. As you might understand already, the dialogs are different between the two certificate types, and some users cannot accept trusted code from an unverified (self-signed) certificate.
I have been meaning to write a page on the differences between the two certificates. It is well worth looking into getting a cert. from a CA.
There was a stage when one of the major CAs were offering 'freemail' certificates that came emblazoned not with your name, but 'free mail' itself. I did not like them because of that, and continue to use a self-signed certificate.
Similar Messages
-
Digitally sign a jar file for distribution?
I recently got a jar of mine hosted for client use though a web page.
The problem is that the jar needs to access the internet for several functions. JWS prompts the user for security reasons every time it makes a connection to a new url endpoint. Since one operation alone can hit 56 url's i thought this could be a bit of a hassle to the users.
The solution, as I understand it to be, is to digitally sign the jar file, so the user is prompted once on download.
I found a site ascertia which offers free certificates, but for the life of me I canb not get this to work.n I have seen keytool generate numerous errors, none of which mean anything to me. (too long >59, cant read chain from reply, invalid cert)
Does someone know a clear and thorough tutorial on digital code signing and certs? Or a CA that provides certs for free, and has some instructions to go along?
Thanks so much.
The step i have trouble on is turning the CSR into a cert, and importing the returned cert back into the keystore.Masterkeedu wrote: !! It worked.
Congratulations. :-)
Masterkeedu wrote: So it's not certified, but is signed.
So as I understand this, it means the end-user has no way to know it was me that truly signed it. But relies on their common sense I suppose.
That is correct. The CA has verified, and is certifying, that you are who you claim to be. If you or I use a 'self signed' certificate, it does not carry the same level of trust. As you might understand already, the dialogs are different between the two certificate types, and some users cannot accept trusted code from an unverified (self-signed) certificate.
I have been meaning to write a page on the differences between the two certificates. It is well worth looking into getting a cert. from a CA.
There was a stage when one of the major CAs were offering 'freemail' certificates that came emblazoned not with your name, but 'free mail' itself. I did not like them because of that, and continue to use a self-signed certificate. -
How can I create a jar file that will run automatically on double click
all the jars I created run only from the command-line.
how can I make it run by double-click on it?First you will need to associate .jar files with the javaw.exe program in order to just be able to double click on the jar and run it from within a windows explorer application. Next you will need to set the main class attribute of the manifest file. My understanding is that the value of this attribute is used by the launcher to know which class to load. In other words, which is your main application class. To specify this attribute open your manifest file in a text editor. You will find this file located within the jar at META-INF/MANIFEST.MF. Then, add the line,
"Main-Class:<relative path to the main class>" However, remember not to add the .class extension to the end of the class name.
In Windows 2000 you can associate jar files with javaw by finding a jar file in Windows Explorer and right clicking it. This will give you a context menu which should have an Open With... option (if you are not using Windows 2000 and don't see the 'open with' menu item, try holding down the shift button while right click on the file). Select the Open With... option, then, when the dialog appears highlight javaw and select the "Always use this program to open these files" checkbox. When you hit the OK button you should have all your jar files associated with the javaw process.
Once you've done this, you should be able to double click on your jar file and run your application.
Regards,
Daniel Walsh -
Can I progamatically sign a jar file? i.e. w/o jarsigner tool
Hi,
I am new to development and am using Ant to build my packages.
I need to sign the jar files that I produce, and now the only way I know how is with jarsigner.
I'd like to find a way to do the signing within Ant, but can't find one.
Is that possible?
GeorgeI'm having trouble with the opposite: I'm trying to verify a signed jar programmatically.
I've already read this article, and thought that I could do similar things in order to verify.
However, this code uses classes from sun.security.util, and I couldn't find any documentation of this package.
Any suggestion will be greatly appreciated! -
Is it possible to digitally sign a document in reader for iOS?
We sign documents using adobe reader 9.3 & std/pro 9.2 0. Can we create a digital signature and sign documents?
Steve,
Thanks for your reply.
I did not think it was possible as yet. We have many engineers and Pilots
that wanted to use their iPads to sign documents. This would eliminate the
need to go back to their PC.
I don't expect this feature to be too far in the future.
Again thanks,
Michael L. Pope
Engineering Process Writer II, Dept 0663
Engineering Operations
Gulfstream Aerospace Corporation
Tel. (912) 965-7362 Fax (912) 965-7650
[email protected]
This e-mail message, including all attachments, is for the sole use of the
intended recipient(s) and may contain Personal Information under General
Dynamics policy CP 07-105 and/or legally privileged and confidential
information. Any Personal Information can be accessed only by authorized
personnel of General Dynamics and its approved service providers and may be
used only as permitted by General Dynamics and its policies. Contractual
restrictions apply to third parties. If you are not an intended recipient,
you are hereby notified that you have either received this message in error
or through interception, and that any review, use, distribution, copying or
disclosure of this message or its attachments is strictly prohibited and is
subject to criminal and civil penalties. All personal messages express
solely the sender's views and not those of Gulfstream Aerospace
Corporation.
If you received this message in error, please contact the sender by reply
e-mail and destroy all copies of the original message.
From: Steve Werner <[email protected]>
To: mpope5 <[email protected]>
Date: 03/05/2013 11:32 AM
Subject: Is it possible to digitally sign a document in reader for iOS? -
Problems Signing a Jar File.
Hi Everyone
I'm having problems signing a jar file.
The applet in the jar file was previously signed by Duke.
Now I want to re-sign it with my company name.
So I unzip the jar file. I was careful to remove the manifest and the Duke .sa and .rsa. I re-signed it with the netscape signtool.
The applet works. It presents the prompt that it is signed by my company. I grant session. Then another prompt appears and it says it is signed by duke.
but i was careful to remove the duke signature and manifest file when i unzipped it. Is it possible that the fact that it is signed by duke is stored in the bytecode ??
It is using the <object tag by the way.
<OBJECT classid="clsid:CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA"
WIDTH = "100%" HEIGHT = "50" border="0"
codebase="http://www.homework911.com/java/j2re-1_3_1_02-win.exe#Version=1,3,1,2">
<PARAM NAME = "CODE" VALUE = "com.s.SApplet"/>
<PARAM NAME = "CODEBASE" VALUE = "/_phone"/>
<PARAM NAME = "type" VALUE="application/x-java-applet;version=1.3"/>
stevgreat suggestion - there are no other signed jar files on the browser for it to access. There is a winzip file but it has no rsa/dsa and signature file in it.
perhaps it is accessing something else that was signed by duke ?
Would it be possible for it to connect to a server program that was signed by duke and therefore present the prompt. ?
I'm trying to get the original unsigned classes and see if i can recompile and sign it just in case then name duke is in byte code.
any other thoughts as to what this code be ?
stephen -
Guys, I've googled the crap out of this one. I need some help signing a jar file.
Here is what I'm doing:
1. Generating a key:
keytool -genkey -keystore myKeyStore -alias myName2. Trying to sign the jar file:
jarsigner -keystore myKeyStore -storepass myPassword -keypass myNamePassword myJar.jar myNameHere is the error I'm getting:
jarsigner error: java.lang.RuntimeException: keystore load: Invalid keystore formatI'm using Ubuntu Linux.
I wrote and built my project with Netbeans.
Any ideas?Here is what the latest process looks like. What am I doing wrong?
thomasaaron@ubuntu:~/Desktop$ keytool -genkey -alias thomasaaron -keystore myKeyStore
Enter key store password: password1
Enter key password for <thomasaaron>: password2
You are about to enter information that will be incorporated into
your certificate request. This information is what is called a
Distinguished Name or DN. There are quite a few fields but you
can use supplied default values, displayed between brackets, by just
hitting <Enter>, or blank the field by entering the <.> character
before hitting <Enter>.
Common Name (hostname, IP, or your name): Thomas Aaron
Organization Name (company) [The Sample Company]: Tom's Company
Organizational Unit Name (department, division): Tom's Department
Locality Name (city, district) [Sydney]: TommyLand
State or Province Name (full name) [NSW]: Colorado
Country Name (2 letter code) [AU]: US
thomasaaron@ubuntu:~/Desktop$
thomasaaron@ubuntu:~/Desktop$
thomasaaron@ubuntu:~/Desktop$ jarsigner -storepass password1 -keystore myKeyStore SupportManager.jar thomasaaron
jarsigner error: java.lang.RuntimeException: keystore load: Invalid keystore format -
How to sign multiple jar files using the same certificate..?
hi,
I want to run my application using Java Web Start.. i am using around 16 different jar files out of which around 13 are 3rd party component jars. I want to sign these jars using the same certifcate..., i am using the follwing code to sign the jars:
(for the jar file ischeduler.jar)
keytool -genkey -alias signFiles91 -keystore dtss -keypass dtss1351 -dname "cn=dtss" -storepass decisioncraft
jarsigner -keystore dtss -storepass decisioncraft -keypass dtss1351 -signedjar signedischeduler.jar ischeduler.jar signFiles91
keytool -export -keystore dtss -storepass decisioncraft -alias signFiles91 -file ischeduler.cer
keytool -import -alias DCA2 -file ischeduler.cer -keystore Impischeduler -storepass ischeduler
(for the jar file ischedulerclient.jar)
keytool -genkey -alias signFiles92 -keystore dtss -keypass dtss1351 -dname "cn=dtss" -storepass decisioncraft
jarsigner -keystore dtss -storepass decisioncraft -keypass dtss1351 -signedjar signedischedulerclient.jar ischedulerclient.jar signFiles92
keytool -export -keystore dtss -storepass decisioncraft -alias signFiles92 -file ischeduler.cer
keytool -import -alias DCA3 -file ischeduler.cer -keystore Impischeduler -storepass ischeduler
but when i use the above signed jars in my application i get an error saying:
"jars not signed by the same certificate"
can someone plz tel me wher is the error....thanx
andyWell for mulitple signing of jar files you can use ANT tool. Its easier and faster.
Regarding the present problem -- hmm.. well it looks like you are using 2 different alias names for signing the jar file. Try using the same alias name and that might solve your problem.
regards
Saby -
Why need to sign the jar files ????
Hi
Why does i have to sign the jar files to run my app ??
are not another away to run the app???U just have to sign your jar if your application needs full access to the client-resources.
http://java.sun.com/products/javawebstart/docs/developersguide.html
andreas -
Digitally sign multiple pdf files
How to digitally sign multiple pdf files with adobe acrobat XI?
Are you trying to apply certificate-based encryption or add a signature to a PDF form field?
The first one is easy with Acrobat Pro; just create a new Action with the encryption task set to your requirements, then run the Action against a folder of files. -
Is there a way to sign a JAR file programatically?
Is there a way to sign a JAR file programatically?
great! can you give me a short code snippet?
what about signing J2ME MIDlets? -
Webstart : sign a jar file
I have a desktop app that has to access local data files as well as network database server. At the moment, I have a executable jar file now when I try to run it with Webstart it complains about unsigned jar file asking for full access on a file. what do i need to sign a jar file. the jar file as is will work when someone double clicks the file icon but if the computer is not set up for java to open jar files, most likely if you have winzip , it will open the jar file. So other than the sdk what else do i need
Thanks in advancethanks that was helpfull , but, I found a page on the suns web page which i found using another serch engine . I couldnt find it by searching this website.
I apprectiat you taking the time, thanks -
Can I use the certificates from my PKI card to sign a JAR file? The certificates are X.509 standard compliant.
Many thanks!On a more serious helpful note... :) Jack up this value in the sign_webutil.bat file... Its defaulted to 360.. I set mine to 5000. Not sure how high it will go...
REM
REM Number of days before this certificate expires
REM
SET VALIDDAYS=5000
REM
REM Signing script starts here...
REM
Message was edited by:
Mark Reichman -
Simply signing a *.jar file make applet able to read Client PC?
If I simply sign my jar file, which is supposed to open a JFileChooser, and make a default web page that loads the jar as an applet supposed to grant all permisions? I tried this, and the applet pops up the "grant permisions". However the JFileChooser won't pop up?
what if I put a .policy file online in the same directory, could this help or be modified to?Fractalz wrote:
. . . Now that's the part I have been facing difficulties, cuz I have to include all the classes that the applet is using from other jar
files. And I can not come up with a way to find out all those classes.See the Class-Path: parameter (of a Manifest file) documentation here:
http://java.sun.com/javase/6/docs/technotes/guides/jar/jar.html#Manifest-Overview -
I currently have the j2sdk1.4.2_04 and j2re1.4.2_04 installed on my computer along with NetBeans 3.6. Do I need any other tools to be able to sign JAR files? Many websites say that I need "jarsigner" utility bundled along with JDK1.2/1.3 and "keytool" utility bundled along with JDK1.2/1.3. Is this true? Where can I get the appropriate files to download so that I can proceed?
If you have the j2sdk installed, you already have the jarsigner and keytool utility programs. You don't need any other tools to sign JAR files.
Instructions for generating keys and signing a jar file can be found from the security tutorial: http://java.sun.com/docs/books/tutorial/security1.2/toolfilex/sender.html
Maybe you are looking for
-
3G connection keeps dropping out after 4.2.1 update
Hi, I'm wondering if anyone could help me. I have the iPhone 4, and it was working perfectly... until I upgraded to iOS 4.2.1. Ever since then, my 3G connection keeps dropping out, and I'm just left with vodafone UK (with usually 3-4 bar signal) but
-
How to transfer files from PC to Mac using Ethernet cable?
I am a brand new PC to Mac convert and loving it. I'm just having trouble transferring my files from my PC to my MacBook Pro. I have my PC and Mac connected with an ethernet cable. I'm just not sure what steps I need to take from there. I guess I hav
-
MOVED: i just wanted to say
This topic has been moved to Anything Under The Sun. https://forum-en.msi.com/index.php?topic=253435.0
-
Shape Tween edit will not save on Mac OS X
The file that I am working on has a shape tween that I added, but when I go to save the file, the save bar pops up and everything seems fine. When I open that file again the shape tween is not saved and is not even there anymore. I am running Mac OS
-
Premiere Elements 11 Sound turns off after 5 seconds on DVD
Hi Folk, I have been using Elemnts 11 for a few months with good success. I created a video from 8-9 clips and it play fine in the tool. I can see the images OK and hear all the audio throughout the video. When I burn a DVD to a Folder on my laptop a