For web-masters/developers: Signing (Archaeopteryx) applets

Archaeopteryx applets versioned 0.960 or higher allow for the display of images (for an example, see here). In many cases, the corresponding image files do not originate from the same server as the applet itself, which leads to security related exceptions in case of unsigned applets. Thus, in order to distribute Archaeopteryx applets which are allowed to display images from arbitrary servers, the applet needs to be signed by the developer/web-master. For this, the two command line tools ‘keytool’ and ‘jarsigner‘ are needed, both of which are part of the JDK.

First, use keytool to generate a keystore:

% keytool -genkey -keystore <path/name for your keystore> -keyalg rsa
  -alias <alias> -keypass <key password> -storepass <store password>

keytool will then request the following information:

  • What is your first and last name?
  • What is the name of your organizational unit?
  • What is the name of your organization?
  • What is the name of your City or Locality?
  • What is the name of your State or Province?
  • What is the two-letter country code for this unit?

Second, use jarsigner to sign the archaeopteryx_applets.jar file:

% jarsigner -keystore <path/name for your keystore> -storepass <store password>
  -keypass <key password> -verbose archaeopteryx_applets.jar <alias>

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: