How to make prevent public key inside jar to be saved using Java code
Posted
by Abhijith V R
on Stack Overflow
See other posts from Stack Overflow
or by Abhijith V R
Published on 2010-05-07T11:36:43Z
Indexed on
2010/05/07
11:38 UTC
Read the original article
Hit count: 320
After signing a jar , we can retrieve the public keys from jar using
Certificate[] cert = jarentry.getCertificates();
Once certificate is extracted we can save this to a new keystore as trusted cert.
Once this is done , then second user can sign any jar using this certificate , isn't ?
I want to distribute content as jars , contents will contain properties files for a application init.
I want to make sure that an user is not capable to rebuilding the property files using the certificate he extracted from jarentry.
In the code which reads the jar contents i am checking that jar is signed with my certificate only and also checking that jar is not tampered with .
But the issue came to my mind that if i am able to extract the cerificate from jar then why don;t a third guy ?
Can any one help me in this............
© Stack Overflow or respective owner