Applet is no longer signed after repackaging signed .cab
files as .jar files
Symptoms
After repackaging signed .cab files as .jar
files, an applet running in the Sun JRE is treated as unsigned. The same
applet packaged as .cab files runs as signed in the Microsoft
VM.
Cause
Microsoft supports applet signing through its own proprietary Authenticode
and .cab file technologies. The signing information is lost
in the process of repackaging. As a result, the Sun JVM treats the .jar
files as unsigned.
Resolution
The workaround is to sign the .jar files using the jarsigner
tool from the JDK:
Obtain the Sun
Java Signing certificate from VeriSign or the Java
Code Signing certificate from Thawte or similar certificates from
other Certificate Authorities (CAs).
Import the certificate into your keystore using
keytool and an alias name. For example:
Use jarsigner to sign the .jar file, using
the RSA credentials in your keystore that were generated in the previous
step. Make sure the same alias name is specified, for example:
C:\>C:\j2sdk1.5\bin\jarsigner C:\TestApplet.jar MyCert
Enter Passphrase for keystore: ********
Use "jarsigner -verify -verbose -certs" to verify
the .jar files.
C:>C:\jdk1.4.2\bin\jarsigner -verify -verbose
-certs d:\TestApplet.jar
245 Wed Mar 10 11:48:52 PST 2000 META-INF/manifest.mf
187 Wed Mar 10 11:48:52 PST 2000 META-INF/MYCERT.SF
968 Wed Mar 10 11:48:52 PST 2000 META-INF/MYCERT.RSA
smk 943 Wed Mar 10 11:48:52 PST 2000 TestApplet.class
smk 163 Wed Mar 10 11:48:52 PST 2000 TestHelper.class
X.509, CN=XXXXXXX YYY, OU=Java Software,
O=Sun Microsystems, L=Cupertino,
ST=CA, C=US (mycert)
X.509, CN=Sun Microsystems, OU=Java Plug-in QA,
O=Sun Microsystems, L=Cupertino, ST=CA, C=US
X.509, EmailAddress=server-certs@thawte.com,
CN=Thawte Server CA, OU=Certification
Services Division, O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.