While the Java programming language was created with networking and distributed computing in mind, the Java virtual machine will not allow an untrusted applet to perform operations that might compromise the security of the user’s machine. In general, the virtual machine raises a security exception if an untrusted applet attempts to:
- make network connections to any destination other than the originating host of the applet
- create, read, write, or check the existence of files on the client file system
This is exactly what unsuspecting users need to prevent an attack from a rogue Internet virus. But how is an honest software developer to create an applet that accesses multiple network hosts or saves a user’s work or preferences to the local client? The answer is with digital signatures!
Digital certificates
Just as we authenticate paper documents with a signature, anyone can use digital signatures to prove ownership of electronic documents and applets. To generate a digital signature for electronic documents or software, the author runs a one-way hashing algorithm on his/her files to create a unique hash value for the given contents. The digital signature is then created when this hash value is encrypted with the author’s private key (created when the digital certificate is issued) and bundled with the author’s digital certificate. The original files and the associated signature are then packed into a JAR (Java ARchive) file along with the author’s digital certificate, for handling convenience and download efficiency.
After a user downloads the JAR file to his/her browser, the public key from the bundled certificate is used to decrypt the digital signature and retrieve the original one-way hash. The same hashing algorithm used by the author is then run on the contents of the JAR file to generate a second hash value. If the two hash values are identical, the contents are authentic. If the hash values do not match, the contents of the JAR file were tampered with after creation or in transit.
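The hash-sign-verify cycle just described, as an added example that is not part of the original article or the HTMLViewer applet. It uses the standard java.security API with SHA-256 and RSA (algorithm choices assumed here; the article names neither), an in-memory key pair standing in for the key stored in the browser’s key database, and constructed sample content, and it shows that a single byte changed after signing makes verification fail.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

/**
 * Added example (not from the original article): hash, sign, verify, and
 * detect tampering with the java.security API. The key pair is generated in
 * memory; a real signer's private key would live in a protected key store
 * (Navigator's key database in the article's setup).
 */
public class SignDemo {

    /** Hex-encoded one-way hash of the content: the article's "unique hash value". */
    static String fingerprint(byte[] content) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        StringBuilder sb = new StringBuilder();
        for (byte b : md.digest(content)) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Author side: hash the content and sign the hash with the private key. */
    static byte[] sign(byte[] content, PrivateKey key) throws Exception {
        // SHA256withRSA hashes the input and signs the digest in one step,
        // which is the "encrypt the hash with the private key" of the article.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(content);
        return s.sign();
    }

    /** User side: recompute the hash and check it against the signed hash. */
    static boolean verify(byte[] content, byte[] sig, PublicKey key) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(content);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample content standing in for an applet's class file.
        byte[] applet = "class HTMLViewer { /* constructed sample */ }"
                .getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(applet, kp.getPrivate());
        System.out.println("hash of content: " + fingerprint(applet));
        System.out.println("signature valid: " + verify(applet, sig, kp.getPublic()));

        // Tampering after signing: one changed byte yields a different hash,
        // so the signature no longer matches and verify() returns false.
        byte[] tampered = applet.clone();
        tampered[0] ^= 0x01;
        System.out.println("tampered valid:  " + verify(tampered, sig, kp.getPublic()));
    }
}
```

Verification only proves that the content matches what the holder of the private key signed; as the next paragraph says, it proves nothing about whether that content is safe to run.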
Once an applet is authenticated in this manner, the user may be prompted for permission to either grant or deny the applet the security privileges it requests. Before mindlessly clicking the “Grant” button, realize that an authenticated applet is merely a confirmation that the author is who he/she says he/she is — as verified by the certificate authority — and that the applet has not been altered since being signed by the author. Authentication with digital signatures does not mean that an applet will not behave maliciously and unethically! The ultimate decision of whether or not to trust an applet always rests with the user. Authentication simply allows the user to make an informed decision.
Trusted applet demo
With that said, you can download and run a digitally signed applet, HTMLViewer. Please note that you will need Netscape Navigator 4.0.4 and the latest version of the Java Runtime Environment to do so. The links to download these appear at the end of this article. Once running, it will display the source code of any URL you give it, provided you grant it permission to access hosts other than the one from which it originated. It connects to Yahoo! by default, but you may go anywhere else by typing a new destination in the URL text field and hitting the RETURN key.
How to sign an applet
The steps to create a signed applet such as HTMLViewer are listed below. Note that you can digitally sign applets for use with Internet Explorer 4.0 as well, but the signing tools and security API for that browser differ from those for Navigator.
- Download the necessary software and documentation:
- JavaSoft JDK 1.1
- Netscape Navigator 4.0.4 or greater
- Netscape Navigator JDK 1.1 class update
- Netscape Java Capabilities API – API for applet security within Navigator
- Netscape Capabilities API JavaDocs
- Netscape zigbert - JAR signing tool
- Register for your Class 2 digital certificate for individual software developers from VeriSign or another certificate authority. It will cost you $20. This requires the use of Netscape Navigator, since your private key for generating digital signatures will be stored in Navigator’s key database. I would strongly recommend saving a copy of your private key — in a secure place — for browser upgrades or installation on multiple machines.
- Code and compile an applet like HTMLViewer that would normally violate the Java Virtual Machine’s security model. Preface every URL connection or file read/write in your applet with a call to the Netscape PrivilegeManager class requesting the necessary privilege (see the code listings at the end of this article).
- Copy all necessary files for the applet to a new directory for signing:
- Generate the signature for the files using your private key from the Communicator key database, create the signed JAR file, and verify it using Netscape’s signing tools:
- Create an HTML file that refers to the applet in the signed JAR file:
- Upload the signed.jar file and the referring HTML page to your Internet host and try it out!
Links on this article:
- JavaSoft’s Web site
- Definition of hashing algorithms
- Java ARchive
- JavaSoft’s JDK 1.1
- Netscape Navigator 4.0 download
- Netscape Navigator JDK 1.1 class update
- Netscape Java capabilities API
- Netscape capabilities API JavaDocs
- Class 2 digital certificate
- Verisign Web site
- Definition of certificate authority
- Yahoo!
- Netscape zigbert - JAR signing tool
Gary Howard is a software engineer for Cisco Systems, Inc., the world’s leading supplier of networking equipment, of San Jose, CA. You may contact him directly at ghoward@cisco.com or http://www.employees.org/~ghoward/.
Code listings for the signing steps above.

Requesting the privilege before the restricted operation (the PrivilegeManager call inside the applet):

    PrivilegeManager.enablePrivilege("UniversalConnect");
    showFile(url.openStream());

Copying the applet files to a new directory for signing:

    mkdir SIGN
    cp * SIGN

Signing the directory contents with the key from the Communicator key database, building the JAR file, and verifying it:

    zigbert -k "ghoward@iname.com" SIGN
    cd SIGN
    zip -r ../signed.jar *
    cd ..
    zigbert -v signed.jar

HTML page referring to the applet in the signed JAR file:

    <HTML>
    <TITLE>HTMLViewer</TITLE>
    <BODY>
    <APPLET
    CODE=HTMLViewer.class
    ARCHIVE=signed.jar
    HEIGHT=200
    WIDTH=550
    ALIGN=CENTER><PARAM NAME="url" VALUE="http://www.yahoo.com/">
    </APPLET>
    </BODY>
    </HTML>