«

1. it is needed only for Java Applets? I think Java programs not need certificate because running locally from user.
2. with a certificate a Java Applet can do anything? I mean file reading/writting, connection with any server etc
3. where can I buy a certificate?
4. what is a certificate? a text file with a long length password?
5. I saw many of these files inside JAR files but I cannot steel these files (for experiment of course) because these files are not
working. Maybe this files are MD5 of original certificate (or other encryption method?)
6. If certificate is a file, and I have bought a certificate, how can I add this certificate to my code?
7. for every product I must buy a new certificate or I can use the same?

thanks for your response...

"<- Chameleon ->" <> wrote in message
news:bikjnc$6f4$...

Certificates are cryptographically signed files that are used to verify
identity. Some details about Java and Certificates is at:
http://www.suitable.com/docs/signing...w.html#sandbox

> 1. it is needed only for Java Applets? I think Java programs not need
certificate because running locally from user.

Java applets that want to be able to request special privileges need to be
signed--identified by a certificate.

> 2. with a certificate a Java Applet can do anything? I mean file
reading/writting, connection with any server etc

No. Signing merely enables the applet to request special privileges such as
being able to read or write to local files, connect to any server, etc. The
user must still approve the request.

> 3. where can I buy a certificate?

There are a couple of companies and they provide varying levels of surety of
identity. Verisign and Thawte are two.

> 4. what is a certificate? a text file with a long length password?

It is a file containing your identity information (including a public key)
that has been encrypted with the private key of the authority from whom you
got the certificate, which means that the public key of that authority
(which is usually available pre-installed in web browsers, etc) can verify
your identity.

> 5. I saw many of these files inside JAR files but I cannot steel these
files (for experiment of course) because these files are not
> working. Maybe this files are MD5 of original certificate (or other
encryption method?)

Certificates are in a standard format, but they really only work for the
owner because you must have the private key that goes with the public key in
the certificate.

> 6. If certificate is a file, and I have bought a certificate, how can I
add this certificate to my code?

Essentially you put it in the jar file, but that's not where it's power
comes from. You use your associated private key to sign your code--to
encrypt your code, which only you have. You then hand out the certificate,
which contains your public key. Because only your public key decrypts your
code they are assured that someone has verified your identity. Of course,
they must still decide whether or not to trust you...

> 7. for every product I must buy a new certificate or I can use the same?

The certificate identifies you. You really only need one.

Good luck,
Matt Humphrey http://www.iviz.com/

If you check out the section on security in the online Java Tutorial there
is a good section on signing applets. It also covers how you can generate
you own 'self-signed' certificate for testing - this may let you investigate
what you are trying to do before you invest in purchasing your own 'real'
certificate.

http://java.sun.com/docs/books/tutor...1.2/index.html


--
Kevin Hooke

MindBeans Software Consulting
http://www.mindbeans.net

"<- Chameleon ->" <> wrote in message
news:bikjnc$6f4$...
> 1. it is needed only for Java Applets? I think Java programs not need
certificate because running locally from user.
> 2. with a certificate a Java Applet can do anything? I mean file
reading/writting, connection with any server etc
> 3. where can I buy a certificate?
> 4. what is a certificate? a text file with a long length password?
> 5. I saw many of these files inside JAR files but I cannot steel these
files (for experiment of course) because these files are not
> working. Maybe this files are MD5 of original certificate (or other
encryption method?)
> 6. If certificate is a file, and I have bought a certificate, how can I
add this certificate to my code?
> 7. for every product I must buy a new certificate or I can use the same?
>
> thanks for your response...
>
>

On Thu, 28 Aug 2003 12:58:33 +0300, "<- Chameleon ->"
<> wrote or quoted :

>1. it is needed only for Java Applets? I think Java programs not need certificate because running locally from user.
>2. with a certificate a Java Applet can do anything? I mean file reading/writting, connection with any server etc
>3. where can I buy a certificate?
>4. what is a certificate? a text file with a long length password?
>5. I saw many of these files inside JAR files but I cannot steel these files (for experiment of course) because these files are not
>working. Maybe this files are MD5 of original certificate (or other encryption method?)
>6. If certificate is a file, and I have bought a certificate, how can I add this certificate to my code?
>7. for every product I must buy a new certificate or I can use the same?


see http://mindprod.com/jgloss/certificate.html

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.