Java Application Hosting Web Hosting, web hosting, JSP, Servlets, Tomcat, website hosting, web site hosting
Web Hosting, web hosting, JSP, Servlets, Tomcat, website hosting, web site hosting
Web Hosting, web hosting, JSP, Servlets, Tomcat, website hosting, web site hosting

Alden Hosting provides professional, efficient, and reliable business-class Web hosting services to small- and medium-sized businesses.

WWW.

Call Us Toll-Free
(877) 256-0328

Outside USA
1 - (201) 505-0430

Java Application Hosting Welcome Java Application Hosting Web Hosting Plans Overview , Fund Raising, Fundraising, web hosting, website hosting, web site hosting Java Application Hosting Fund Raising, Fundraising, web hosting Java Application Hosting Resellers, web Hosting Java Application Hosting Web Design, web Hosting Java Application Hosting Extra Services,  web Hosting Java Application Hosting Traffic Booster, web hosting Java Application Hosting Traffic Booster, web hosting Java Application Hosting Technical Support,  web Hosting Java Application Hosting webmaster tips,  web Hosting Java Application Hosting 30 Day Money Back, web hosting Java Application Hosting Legal Notices for Web Hosting Java Application Hosting Glossary Computer Terms for web Hosting Java Application Hosting Contact Information - web hosting

Site Map

  Java Application Hosting Web Hosting Sign-Up   Java Application Hosting Fund Raising, Fundraising, web hosting, website hosting, web site hosting    Java Application Hosting Resellers web hosting, website hosting, web site hosting   Java Application Hosting EZ Site Control Panel for web hosting,website hosting, web site hosting

JAVA, JSP, SERVLETS, TOMCAT, SERVLETS MANAGER,
Private JVM (Java Virtual Machine),
Private Tomcat Server

Alden Hosting offers private JVM (Java Virtual Machine), Java Server Pages (JSP), Servlets, and Servlets Manager with our Web Hosting Plans WEB 4 PLAN and WEB 5 PLAN , WEB 6 PLAN .

At Alden Hosting we eat and breathe Java! We are the industry leader in providing affordable, quality and efficient Java web hosting in the shared hosting marketplace. All our sites run on our Java hosing platform configured for optimum performance using Java 1.6, Tomcat 6, MySQL 5, Apache 2.2 and web application frameworks such as Struts, Hibernate, Cocoon, Ant, etc.

We offer only one type of Java hosting - Private Tomcat. Hosting accounts on the Private Tomcat environment get their very own Tomcat server. You can start and re-start your entire Tomcat server yourself.


Understanding Signing and Verification (The Java™ Tutorials > Deployment > Packaging Programs in JAR Files)
Trail: Deployment
Lesson: Packaging Programs in JAR Files
Section: Signing and Verifying JAR Files
Home Page > Deployment > Packaging Programs in JAR Files
Understanding Signing and Verification
The JavaTM platform enables you to digitally sign JAR files. You digitally sign a file for the same reason you might sign a paper document with pen and ink -- to let readers know that you wrote the document, or at least that the document has your approval.

When you sign a letter, for example, everyone who recognizes your signature can confirm that you wrote the letter. Similarly when you digitally sign a file, anyone who "recognizes" your digital signature knows that the file came from you. The process of "recognizing" electronic signatures is called verification.

The ability to sign and verify files is an important part of the Java platform's security architecture. Security is controlled by the security policy that's in force at runtime. You can configure the policy to grant security privileges to applets and to applications. For example, you could grant permission to an applet to perform normally forbidden operations such as reading and writing local files or running local executable programs. If you have downloaded some code that's signed by a trusted entity, you can use that fact as a criterion in deciding which security permissions to assign to the code.

Once you (or your browser) have verified that an applet is from a trusted source, you can have the platform relax security restrictions to let the applet perform operations that would ordinarily be forbidden. A trusted applet can have freedoms as specified by the policy file in force.

The Java platform enables signing and verification by using special numbers called public and private keys. Public keys and private keys come in pairs, and they play complementary roles.

The private key is the electronic "pen" with which you can sign a file. As its name implies, your private key is known only to you so that no one else can "forge" your signature. A file signed with your private key can be verified only by the corresponding public key.

Public and private keys alone, however, aren't enough to truly verify a signature. Even if you've verified that a signed file contains a matching key pair, you still need some way to confirm that the public key actually comes from the signer that it purports to come from.

One more element, therefore, is required to make signing and verification work. That additional element is the certificate that the signer includes in a signed JAR file. A certificate is a digitally signed statement from a recognized certification authority that indicates who owns a particular public key. A certification authority are entities (typically firms specializing in digital security) that are trusted throughout the industry to sign and issue certificates for keys and their owners. In the case of signed JAR files, the certificate indicates who owns the public key contained in the JAR file.

When you sign a JAR file your public key is placed inside the archive along with an associated certificate so that it's easily available for use by anyone wanting to verify your signature.

To summarize digital signing:

  • The signer signs the JAR file using a private key.
  • The corresponding public key is placed in the JAR file, together with its certificate, so that it is available for use by anyone who wants to verify the signature.

Digests and the Signature File

When you sign a JAR file, each file in the archive is given a digest entry in the archive's manifest. Here's an example of what such an entry might look like:
Name: test/classes/ClassOne.class
SHA1-Digest: TD1GZt8G11dXY2p4olSZPc5Rj64=
The digest values are hashes or encoded representations of the contents of the files as they were at the time of signing. A file's digest will change if and only if the file itself changes.

When a JAR file is signed, a signature file is automatically generated and placed in the JAR file's META-INF directory, the same directory that contains the archive's manifest. Signature files have filenames with an .SF extension. Here is an example of the contents of a signature file:

Signature-Version: 1.0
SHA1-Digest-Manifest: h1yS+K9T7DyHtZrtI+LxvgqaMYM=
Created-By: 1.6.0 (Sun Microsystems Inc.)

Name: test/classes/ClassOne.class
SHA1-Digest: fcav7ShIG6i86xPepmitOVo4vWY=

Name: test/classes/ClassTwo.class
SHA1-Digest: xrQem9snnPhLySDiZyclMlsFdtM=

Name: test/images/ImageOne.gif
SHA1-Digest: kdHbE7kL9ZHLgK7akHttYV4XIa0=

Name: test/images/ImageTwo.gif
SHA1-Digest: mF0D5zpk68R4oaxEqoS9Q7nhm60=

As you can see, the signature file contains digest entries for the archive's files that look similar to the digest-value entries in the manifest. However, while the digest values in the manifest are computed from the files themselves, the digest values in the signature file are computed from the corresponding entries in the manifest. Signature files also contain a digest value for the entire manifest (see the SHA1-Digest-Manifest header in the above example).

When a signed JAR file is being verified, the digests of each of its files are re-computed and compared with the digests recorded in the manifest to ensure that the contents of the JAR file haven't changed since it was signed. As an additional check, digest values for the manifest file itself are re-computed and compared against the values recorded in the signature file.

You can read additional information about signature files on the Manifest Format page of the JDKTM documentation.

The Signature Block File

In addition to the signature file, a signature block file is automatically placed in the META-INF directory when a JAR file is signed. Unlike the manifest file or the signature file, signature block files are not human-readable.

The signature block file contains two elements essential for verification:

  • The digital signature for the JAR file that was generated with the signer's private key
  • The certificate containing the signer's public key, to be used by anyone wanting to verify the signed JAR file

Signature block filenames typically will have a .DSA extension indicating that they were created by the default Digital Signature Algorithm. Other filename extensions are possible if keys associated with some other standard algorithm are used for signing.


Related Documentation

For additional information about keys, certificates, and certification authorities, see

For more information about the Java platform's security architecture, see this related documentation:

Previous page: Signing and Verifying JAR Files
Next page: Signing JAR Files

JAVA, JSP, SERVLETS, TOMCAT, SERVLETS MANAGER,
Private JVM (Java Virtual Machine),
Private Tomcat Server

Alden Hosting offers private JVM (Java Virtual Machine), Java Server Pages (JSP), Servlets, and Servlets Manager with our Web Hosting Plans WEB 4 PLAN and WEB 5 PLAN , WEB 6 PLAN .

At Alden Hosting we eat and breathe Java! We are the industry leader in providing affordable, quality and efficient Java web hosting in the shared hosting marketplace. All our sites run on our Java hosing platform configured for optimum performance using Java 1.6, Tomcat 6, MySQL 5, Apache 2.2 and web application frameworks such as Struts, Hibernate, Cocoon, Ant, etc.

We offer only one type of Java hosting - Private Tomcat. Hosting accounts on the Private Tomcat environment get their very own Tomcat server. You can start and re-start your entire Tomcat server yourself.


Web Hosting, web hosting, JSP, Servlets, Tomcat, website hosting, web site hosting
Add to My Yahoo!

XML icon

Add to Google

 

 

 

 

 

 

 

 

 

 

 

http://alden-servlet-Hosting.com
JSP at alden-servlet-Hosting.com
Servlets at alden-servlet-Hosting.com
Servlet at alden-servlet-Hosting.com
Tomcat at alden-servlet-Hosting.com
MySQL at alden-servlet-Hosting.com
Java at alden-servlet-Hosting.com
sFTP at alden-servlet-Hosting.com
http://alden-tomcat-Hosting.com
JSP at alden-tomcat-Hosting.com
Servlets at alden-tomcat-Hosting.com
Servlet at alden-tomcat-Hosting.com
Tomcat at alden-tomcat-Hosting.com
MySQL at alden-tomcat-Hosting.com
Java at alden-tomcat-Hosting.com
sFTP at alden-tomcat-Hosting.com
http://alden-sftp-Hosting.com
JSP at alden-sftp-Hosting.com
Servlets at alden-sftp-Hosting.com
Servlet at alden-sftp-Hosting.com
Tomcat at alden-sftp-Hosting.com
MySQL at alden-sftp-Hosting.com
Java at alden-sftp-Hosting.com
sFTP at alden-sftp-Hosting.com
http://alden-jsp-Hosting.com
JSP at alden-jsp-Hosting.com
Servlets at alden-jsp-Hosting.com
Servlet at alden-jsp-Hosting.com
Tomcat at alden-jsp-Hosting.com
MySQL at alden-jsp-Hosting.com
Java at alden-jsp-Hosting.com
sFTP at alden-jsp-Hosting.com
http://alden-java-Hosting.com
JSp at alden-java-Hosting.com
Servlets at alden-java-Hosting.com
Servlet at alden-java-Hosting.com
Tomcat at alden-java-Hosting.com
MySQL at alden-java-Hosting.com
Java at alden-java-Hosting.com
sFTP at alden-java-Hosting.com
JSP Servlets Tomcat mysql Java JSP Servlets Tomcat mysql Java JSP Servlets Tomcat mysql Java JSP Servlets Tomcat mysql Java JSP at JSP.aldenWEBhosting.com Servlets at servlets.aldenWEBhosting.com Tomcat at Tomcat.aldenWEBhosting.com mysql at mysql.aldenWEBhosting.com Java at Java.aldenWEBhosting.com Web Hosts Portal Web Links Web Links Web Hosting JSP Solutions Web Links JSP Solutions Web Hosting Servlets Solutions Web Links Servlets Solutions Web Hosting Web Links Web Links . .
.
.
. .
. . . . jsp hosting servlets hosting web hosting web sites designed cheap web hosting web site hosting myspace web hosting