Java Glossary : signtool

CMP home Java glossary home Menu no menu Last updated 2004-06-28 by Roedy Green ©1996-2004 Canadian Mind Products

Java definitions: 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

You are here : home : Java Glossary : S words : signtool.

signtool
The application used to sign Applets to get them bypass the security restrictions of the Netscape 4.7 sandbox. The fool thing won't just sign an existing jar file. You have to take your existing jar apart into separate files, sign it, and let it recreate the jar file. Beware: the signtool -m option uses an incompatible format for the *.mft files from jar.exe. Your mft file needs a lead + sign on its entries. e.g. + Main-Class: com.mindprod.Wassup.Wassup You will need a batch script something like this: 

rem Expand existing jar file into
rem a new empty directory tree called signdir.
rem WZunzip is the WinZip/PkZip command line utility
rem that handles long filenames.
WZunzip setclock.jar -d signdir

rem delete existing jar file
del setclock.jar

rem Sign everything in the new directory and recompress.
rem The following should all be on one line.
rem All switches must come before the directory.
signtool -k"roedy" -c9 -Z"setclock.jar" -d"D:\Program Files\Netscape\Users\roedy " signdir
REM Where do you get Signtool 1.3? REM Download from Netscape.

See the signtool docs for an explanation of the command line switches. One nice thing the -G switch will do is let you create a temporary untrusted signing id that is not backed by a certificate signing authority, but that lets you get on with coding while you wait for your real one to arrive. See the Netscape docs on creating temporary X.509 certificates, i.e. phony certificates. You would use it like this: 

REM create a new temporary Netscape Java-jar signing certificate
REM and install it in Netscape.

rem Watch out. Options are case-sensitive
rem -d directory where Netscape stores your certificates
rem -G nickname of your new certificate
rem Signtool will prompt for certificate details.
rem No punctuation other than ' is allowed, e.g.
rem certificate common name: Test jar signing certificate
rem organization: Canadian Mind Products
rem organization unit: head office
rem state or province: British Columbia
rem country (must be exactly 2 characters): CA
rem username: roedy
rem email address: someone@somedomain.com
rem Password or Pin for "Communicator Certificate DB": sesame
rem You can later view the cert in Netscape/security/yours/view

signtool -d"D:\program files\Netscape\Users\roedy" -G"CMP temp"

rem display installed certificates
signtool -d"D:\program files\Netscape\Users\roedy" -l
rem -30-

jarsigner is the Sun JDK 1.3/1,4 analog of signtool.

authentication ¤ authorisation ¤ capabilities ¤ digital signatures ¤ jarsigner ¤ javakey ¤ keytool ¤ resources ¤ sandbox ¤ signcode ¤ Signed Applets ¤ Signtool FAQ

CMP logo
CMP_home
home		 Canadian Mind Products CSS
HTML Checked!
ICRA ratings logo
mindprod.com IP:[24.87.56.253]
Your IP:[80.134.30.163]
You are visitor number 2356.
Please send errors, omissions and suggestions
to improve this page to Roedy Green.
You can get a fresh copy of this page from: or possibly from your local J: drive mirror:
http://mindprod.com/jgloss/signtool.html J:\mindprod\jgloss\signtool.html