Help: Signing Declarations with John Hancock

JDC Applets
(chat, newsreader, calendar)

Log Out

Course Notes Table of Contents
Exercises | Online Training Index

Help: Signing Declarations with John Hancock
MageLang Institute

Help is available for each task, or you can go straight to the solution source code.

Task 1

Execute the following statement to make sure that "John Hancock" is not a known identity to your system. javakey -r "John Hancock"

If John doesn't exist in your system, you will see the message "No one named John Hancock in the system." If John did exist, you will see the message "Removed John Hancock."

Task 2

Once removed, we can run the program unsigned to see what happens. Unpack the AllHancock.jar file and run appletviewer with the Declaration.html file.

To save the file, in Netscape Navigator, shift-click over the AllHancock.jar link.

To extract the files from the .jar file, from the directory you saved it in, execute:

jar xf AllHancock.jar

Then enter: appletviewer Declaration.html

Task 3

Now, press the 'Introspect' button while there is nothing in the 'Enter class name' text field. The applet is able to reflect on itself with no security problems.

Task 4

Then try to inspect a system class like java.lang.String. When you press the 'Introspect' button with java.lang.String in the text field, you will see a lengthy security exception message on the display. This basically is saying that the applet is untrusted by you, so cannot access restricted things. In order to be trusted, it must be signed by someone. Then, the user of the applet must tell their system that they trust that someone AND install their public key into their system.

Task 5

In order for our applet to be trusted, we need to generate a certificate, create a jar file, sign it, and tell our .html file to use it. To generate the certificate, involves four steps:

Identify signer and state that you 'trust' them

javakey -cs "John Hancock" true

javakey is key security program
-c means to create an identity
-s means we are creating a code 'signer'
"John Hancock" is signer
true signifies we trust "John Hancock"

Generate a public-private key pair for signer

javakey -gk "John Hancock" DSA 512 Hancock_pub Hancock_priv

-gk means to generate key pair
"John Hancock" is identity
DSA is algorithm
512 is key size
Hancock_pub / Hancock_priv are key pair files.

Setup a signer profile file

This file is a bunch of key-value pairs identifying who the signer is, how long the key is good for, and what the output file is.
For purposes of this exercise, just use the Hancock.cert file provided.

Generate a certificate

javakey -gc Hancock.cert

-gc means to generate a certificate
Hancock.cert is the certificate profile file
The command creates the file Hancock.x509 because the out.file directive provided that name.

For more information on the format of the signer profile file, see JavaSoft's online description of javakey.

Task 6

Now we can sign our code. First, we need to package our code up to be signed. The Freud.class file is the only one that has to be signed. If we include our general applet code in the signed package and the user does not trust the signer, they will get an empty screen on startup and will think they did something wrong. By not packaging the front-end, this won't happen. The command to place the Freud class in a jar file is: jar cf Freud.jar Freud.class

This creates the file Freud.jar with the contents of Freud.class. To examine the contents: jar tf Freud.jar

Task 7

Now we need to sign the .jar file. This requires a signing directive file similar to the signer profile file earlier. For purposes of this exercise, just use the Hancock.sign file provided. Once the directives file is setup, execute: javakey -gs Hancock.sign Freud.jar to create the file Freud.jar.sig. Rename Freud.jar.sig to be signedFreud.jar. ren Freud.jar.sig signedFreud.jar

For more information on the format of the signing directive file, see JavaSoft's online description of javakey.

This added the following files:

META-INF/MANIFEST.INF
META-INF/HANCOCK.SF
META-INF/HANCOCK.DSA

Task 8

Finally, create an html file that uses the signed file and test it. In the <APPLET> tag, include an archive=signedFreud.jar parameter. Then test it.

Task 9

Okay, now that you have this. What is necessary for a user to use it as trusted? Basically, only three steps. First, you need to provide the user with the Hancock.x509 file you created earlier. Then, they need to identify the signer as trusted on their system. Finally, they need to import the certificate file into their system.

In order for us to make believe we don't know who the signer is, we need to remove their identity from our database first.

javakey -r "John Hancock"

Deliver Hancock.x509 to user somehow.

Register "John Hancock" as trusted

javakey -c "John Hancock" true

There isn't a '-s' flag because John Hancock doesn't need to create certificates on the user's system.

Import the Hancock.x509 certificate file

javakey -ic "John Hancock" Hancock.x509

There is no magic in the filename or extension.

Run the signed applet.

appletviewer signedDeclaration.html

If you try introspecting classes like java.lang.String, you will see no security exceptions thrown.

You may have used a different name for your .html file.

Also, if you want to re-enable "John Hancock" as a signer, remove him with javakey -r "John Hancock", reinstate him as a trusted signer with javakey -cs "John Hancock" true, then import the public-private key pair back into the system with javakey -ikp "John Hancock" Hancock_pub Hancock_priv. If you do not do this and just regenerate the key, the 'signed' applet will become invalid because it won't pass the verification test.