To sign a .jar with PGP
Hasnain Mujtaba
hmujtaba at forumsys.com
Wed Dec 1 00:23:33 CET 2004
Take a look at BouncyCastle's Java OpenPGP provider
(www.bouncycastle.org). It explains with examples how to sign files
using PGP keys. And it might even give you a PGP to X.509 converter
class which you can use to store your PGP keys in a Java KeyStore.
Hasnain.
-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Nicolas BONARDELLE
Sent: Tuesday, November 30, 2004 4:58 PM
To: gnupg-users at gnupg.org
Subject: To sign a .jar with PGP
Hi list,
I'm thinking about using Jar in a Java application I'm coding.
Not only as an archiving means, but also because it can be signed
easily.
To make the long story short, the Jar archive would contain a text file,
and
would be signed by everyone who enters in its possession and agrees with
the
content of the text file. The signer would then distribute the newly
signed
Jar to others.
Since I can't ask every user to get a X.509 certificate, the idea is to
sign
the .jar with their PGP key by following exactly the Jar and Manifest
specifications (http://java.sun.com/j2se/1.4.2/docs/guide/jar/jar.html).
Those specs tell us that PKCS7 RSA, PKCS7 DSA and PGP are supported by
default, and even that one can use its own algorithm.
However, I have a few problems :
1- I can't find any live example of Jar signed with PGP
2- can't even any info about doing it programmatically
3- the 'keytool' util (with Sun's jdk) don't want to import my PGP keys
in
the .keystore (even if I ask him very kindly) so I can use it with the
'jarsigner' util :-[
So, a few questions that may protect me from doing naughty things :
1- am I totally nuts to want to do this ?
2- do you know a way to intrude my PGP key in the evil .keystore ?
3- do you know some application on the web (and open source preferably)
using
PGP to sign Jar archives ?
cheers, cbonar
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
More information about the Gnupg-users
mailing list