Verifying signed jar files from C

 
 
Paul J. Lucas
      01-08-2007
I have a double-clickable application (for both Windows and Mac OS X) written
in Java (stored in jar files) that uses a native launcher written in C to
start a JVM and run a particular class's main() contained in one of the jar
files.

I want to sign the jar files at build-time and later verify them at run-time
to ensure they haven't been altered. I want to do the verification as part
of the launcher written in C because somebody could still modify the jar
files and either leave them unsigned or re-sign them with his own self-signed
certificate.

I've done a lot of Google searches and I haven't been able to find any
information on doing what I want. (I only find stuff on signing applets and
verifying jar files with the jarsigner command-line tool.)

Can I do what I want and, if so, how?

- Paul
 
Andrew Thompson
      01-08-2007
Paul J. Lucas wrote:
> I have a double-clickable application (for both Windows and Mac OS X) written
> in Java (stored in jar files)

....
> I want to sign the jar files at build-time and later verify them at run-time
> to ensure they haven't been altered.

....
> Can I do what I want and, if so, how?


Use web-start. It will give the user desktop icons for
win & mac (and unix/linux, if required), and will handle
the verification for you.

While there may be ways to launch a web-started
application from 'the class files' - I have never seen
it done, and it would be at the mercy of changes in
web-start itself (the tech. people specifically warn
against relying on a given cache location, and any
attempt to launch it would probably need to look
to the classes in the cache).

Just how technically proficient do you expect your
end users to be? (I reckon by the time they could
hack a solution together under web-start, they might
just as easily have hunted down the parts of the C
code that invoke the signature check).

Andrew T.

 