Trail: Security Features in Java SE
Lesson: Signing Code and Granting It Permissions
Section: Steps for the Code Signer
Signing Code and Granting It Permissions
Steps for the Code Signer
Download and Try the Sample Application
Create a JAR File Containing the Class File
Generate Keys
Sign the JAR File
Export the Public Key Certificate
Steps for the Code Receiver
Observe the Restricted Application
Import the Certificate as a Trusted Certificate
Set Up a Policy File to Grant the Required Permission
Start Policy Tool
Specify the Keystore
Add a Policy Entry with a SignedBy Alias
Save the Policy File
See the Policy File Effects
Home Page > Security Features in Java SE > Signing Code and Granting It Permissions
« Previous • Trail • Next »
Export the Public Key Certificate
You now have a signed JAR file sCount.jar. The runtime system of the code receiver (Ray) will need to authenticate the signature when the Count application in the signed JAR file tries to read a file and a policy file grants that permission to this signed code.

In order for the runtime system to authenticate the signature, Ray's keystore needs to have the public key corresponding to the private key used to generate the signature. You supply this by sending Ray a copy of the certificate authenticating the public key. Copy that certificate from the keystore susanstore to a file named SusanJones.cer via the following: 

keytool -export -keystore susanstore -alias signFiles -file SusanJones.cer
You will be prompted for the store password (ab987c).
« PreviousTrailNext »
Previous page: Sign the JAR File
Next page: Steps for the Code Receiver