Verifying digital signature in program
843810 Jul 8 2002 — edited Nov 23 2004
Hi all,
I have this little problem I hope you guys can help me out with. I have a program written in Java that is compressed into 5 jar files. I've also created a digital signature for the files. I want to be able to verify at runtime that none of the code has been changed (e.g. make sure the digital signature matches the one computed from the jars, etc.). However, I need to keep this transparent to the end user (except where the signatures don't match, of course), so the verifying can't be done on the command line. How do I do this?
Second problem. Actually a related and possibly more important one. Included in the jar software distribution is the public key. How can I ensure that the public key received by the end user is indeed the one I sent out? Again, this has to be done all in Java.
I've looked through the tutorials on the Java website but I still don't see a clear solution to my problem (especially the second issue).
Any pointers will be great! Thanks in advance,
Vince
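
Added example, not part of the original post: one way to do both checks in-process with the standard `java.util.jar` API, assuming the jars were signed with `jarsigner` and that the signer certificate's SHA-256 fingerprint reached the user through a channel separate from the jars. The class name `JarSignatureCheck` and the constant `EXPECTED_CERT_SHA256` are hypothetical, and `HexFormat` needs Java 17 or later.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.HexFormat;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignatureCheck {
    // Assumption: SHA-256 fingerprint (hex) of the signing certificate, delivered
    // through a channel separate from the jars. Placeholder, not a real value.
    static final String EXPECTED_CERT_SHA256 = "<HEX-SHA256-OF-SIGNER-CERT>";
    // Files that carry the signature itself and are never signed.
    static final String SIG_FILES = "META-INF/(MANIFEST\\.MF|[^/]+\\.(SF|DSA|RSA|EC)|SIG-[^/]*)";

    static boolean verify(String jarPath) throws Exception {
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) { // true = check signatures
            for (JarEntry e : Collections.list(jar.entries())) {
                String name = e.getName().toUpperCase(Locale.ROOT);
                if (e.isDirectory() || name.matches(SIG_FILES)) continue;
                // Digests are only checked while an entry is read to the end;
                // a modified entry raises SecurityException here.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { }
                }
                CodeSigner[] signers = e.getCodeSigners(); // null for unsigned entries
                if (signers == null || !signedByExpected(signers)) return false;
            }
            return true;
        } catch (SecurityException tampered) {
            return false;
        }
    }

    // Compares each signer's own (leaf) certificate with the pinned fingerprint.
    static boolean signedByExpected(CodeSigner[] signers) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (CodeSigner s : signers) {
            Certificate leaf = s.getSignerCertPath().getCertificates().get(0);
            String fp = HexFormat.of().formatHex(sha256.digest(leaf.getEncoded()));
            if (fp.equalsIgnoreCase(EXPECTED_CERT_SHA256)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        for (String jar : args) {
            if (!verify(jar)) { System.err.println("Signature check failed: " + jar); System.exit(1); }
        }
    }
}
```

A check that ships inside the jars it verifies can be removed by whoever modifies those jars, so it detects accidental or unsophisticated changes only. The pinned fingerprint has the same limit unless it is anchored outside the distribution, for example by a certificate chain to a CA the user already trusts.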