How to make prevent public key inside jar to be saved using Java code

Posted by Abhijith V R on Stack Overflow See other posts from Stack Overflow or by Abhijith V R
Published on 2010-05-07T11:36:43Z Indexed on 2010/05/07 11:38 UTC
Read the original article Hit count: 320

Filed under:
|
|
|

After signing a jar , we can retrieve the public keys from jar using

Certificate[] cert = jarentry.getCertificates();

Once certificate is extracted we can save this to a new keystore as trusted cert.

Once this is done , then second user can sign any jar using this certificate , isn't ?

I want to distribute content as jars , contents will contain properties files for a application init.

I want to make sure that an user is not capable to rebuilding the property files using the certificate he extracted from jarentry.

In the code which reads the jar contents i am checking that jar is signed with my certificate only and also checking that jar is not tampered with .

But the issue came to my mind that if i am able to extract the cerificate from jar then why don;t a third guy ?

Can any one help me in this............

© Stack Overflow or respective owner

Related posts about java

Related posts about security