Java Security

Verifying digital signature in program

843810Jul 8 2002 — edited Nov 23 2004
Hi all,

I have this little problem I hope you guys can help me out with. I have a program written in Java that is compressed into 5 jar files. I've also created a digital signature for the files. I want to be able to verify at runtime that none of the code has been changed (e.g. make sure the digital signature matches the one computed from the jars, etc.). However, I need to keep this transparent to the end user (except where the signatures don't match, of course), so the verifying can't be done on the command line. How do I do this?

Second problem. Actually a related and possibly more important one. Included in the jar software distribution is the public key. How can I ensure that the public key received by the end user is indeed the one I sent out? Again, this has to be done all in Java.

I've looked through the tutorials on the Java website but I still don't see a clear solution to my problem (especially the second issue).

Any pointers will be great! Thanks in advance,

Vince
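An added example, not part of the original post: one way to check the jars at runtime with the standard `java.util.jar` API, comparing the signer against a certificate fingerprint compiled into the program rather than trusting the key shipped alongside the jars. It assumes the jars were signed with the standard JAR signing mechanism (`jarsigner`) and Java 17+ for `HexFormat`; the class name `JarSignatureCheck` and the `PINNED_CERT_SHA256` placeholder are hypothetical.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HexFormat;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignatureCheck {
    // Placeholder: SHA-256 (hex) of the publisher's DER-encoded signing certificate.
    static final String PINNED_CERT_SHA256 = "<sha256-hex-of-your-signing-certificate>";

    // Throws SecurityException if an entry is unsigned, altered, or not signed by the pinned cert.
    static void verify(String jarPath) throws Exception {
        try (JarFile jar = new JarFile(jarPath, true)) { // true = verify signatures on read
            byte[] buf = new byte[8192];
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                // Digests are checked, and signers populated, only once the entry is read fully.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                if (!signedByPinned(e.getCodeSigners()))
                    throw new SecurityException(jarPath + ": bad or missing signer on " + e.getName());
            }
        }
    }

    // True if at least one signer's own (first) certificate matches the pinned fingerprint.
    static boolean signedByPinned(CodeSigner[] signers) throws Exception {
        if (signers == null) return false;
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (CodeSigner s : signers) {
            byte[] der = s.getSignerCertPath().getCertificates().get(0).getEncoded();
            if (HexFormat.of().formatHex(md.digest(der)).equalsIgnoreCase(PINNED_CERT_SHA256)) return true;
        }
        return false;
    }

    // The manifest and signature files directly under META-INF/ are not themselves signed entries.
    static boolean isSignatureFile(String name) {
        String n = name.toUpperCase(java.util.Locale.ROOT);
        return n.startsWith("META-INF/") && n.indexOf('/', 9) < 0
            && (n.equals("META-INF/MANIFEST.MF") || n.matches(".*\\.(SF|RSA|DSA|EC)"));
    }
    public static void main(String[] args) throws Exception {
        for (String jarPath : args) verify(jarPath);
    }
}
```

Because this check ships inside the same distribution it protects, it catches corruption and casual modification, but anyone able to replace the jars can also replace the verifier. The pinned fingerprint is only as trustworthy as the channel used to deliver the code that contains it.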