|
|
Start of Tutorial > Start of Trail > Start of Lesson |
Search
Feedback Form |
Before you can grant the signed code permission to read a specified file, you need to import Susan's certificate as a trusted certificate in your keystore.Suppose that you have received from Susan
- the signed JAR file
sCount.jar, which contains theCount.classfile, and
- the file
SusanJones.cer, which contains the public key certificate for the public key corresponding to the private key used to sign the JAR file.Even though you created these files and they haven't actually been transported anywhere, you can simulate being someone other than the creater and sender, Susan. Pretend that you are now Ray. Acting as Ray, you will create a keystore named
raystoreand will use it to import the certificate into an entry with an alias ofsusan.A keystore is created whenever you use a
keytoolcommand specifying a keystore that doesn't yet exist. Thus we can create theraystoreand import the certificate via a singlekeytoolcommand. Do the following in your command window.Since the keystore doesn't yet exist, it will be created, and you will be prompted for a keystore password; type whatever password you want.
- Go to the directory containing the public key certificate file
SusanJones.cer. (You should actually already be there, since this lesson assumes that you stay in a single directory throughout.)
- Type the following command on one line:
keytool -import -alias susan -file SusanJones.cer -keystore raystoreThe
keytoolcommand will print out the certificate information and ask you to verify it, for example, by comparing the displayed certificate fingerprints with those obtained from another (trusted) source of information. (Each fingerprint is a relatively short number that uniquely and reliably identifies the certificate.) For example, in the real world you might call up Susan and ask her what the fingerprints should be. She can get the fingerprints of theSusanJones.cerfile she created by executing the commandIf the fingerprints she sees are the same as the ones reported to you bykeytool -printcert -file SusanJones.cerkeytool, the certificate has not been modified in transit. In that case you letkeytoolproceed with placing a trusted certificate entry in the keystore. The entry contains the public key certificate data from the fileSusanJones.cerand is assigned the aliassusan.
|
|
Start of Tutorial > Start of Trail > Start of Lesson |
Search
Feedback Form |
Copyright 1995-2004 Sun Microsystems, Inc. All rights reserved.