
Security in JDK 1.2

by Mary Dageforde


Note: This is a draft! Please send comments and suggestions on this trail to tutorial@java.sun.com putting the word "security1.2" in the subject.
JDK™ 1.2 provides a number of security features for a wide variety of audiences:
  • For systems administrators, developers, and users:
    Tools for

    • managing your keystore (database of keys and certificates),

    • generating digital signatures for JAR (Java™ Archive Format) files, and verifying the authenticity of such signatures and the integrity of the signed contents, and

    • creating and modifying the external policy files that define your installation's security policy.


    Note: Nearly all the security features documented in this trail were added to the Java Development Kit (JDK) for its 1.2 release. Thus, the code examples in the following lessons will work only on Java platforms that are compatible with JDK version 1.2. Individual browsers may have some different behavior, unless you use the Java Plugin to download the latest Java Runtime Environment (JRE) compatible with JDK 1.2.

    See Security in JDK 1.1 (in the Learning the Java Language trail) if you want information about the limited Security API available in JDK 1.1.


    What This Trail Does Not Cover

    This trail does not cover:

    • How to create your own security manager. For information about implementing your own security manager in JDK 1.1, refer to Providing Your Own Security Manager (in the Essential Java Classes trail). Check the JDK 1.2 release documentation for information regarding security managers in JDK 1.2.

    • How to create your own policy implementation.

    • Class loaders.

    • Encryption and decryption. These are supplied as part of the JCE (Java Cryptography Extension) release.

    Trail Lessons

    The lessons of this trail are the following:

    Security Features Overview provides an overview of the security features available in JDK 1.2.

    Quick Tour of Controlling Applets gives a quick tour of some of the new features. It shows how resource accesses (such as reading or writing a file) are not permitted for applets unless explicitly allowed by a permission in a policy file.

    Quick Tour of Controlling Applications has the previous Quick Tour lesson as a prerequisite. This second quick tour lesson applies to applications. It shows how resource accesses may be controlled in exactly the same way for applications as for applets, when the applications are run under a security manager.

    API and Tools Use for Secure Code and File Exchanges describes digital signatures, certificates, and keystores, and discusses why they are needed. It also provides overview information applicable to the next three lessons regarding the steps commonly needed for using the tools or the API to generate signatures, export/import certificates, etc.

    Signing Code and Granting It Permissions [Tools] illustrates the use of all the security-related tools (jar, keytool, jarsigner, and policytool). It shows the steps that would be taken by a developer who wants to sign and distribute code for others to run. It also shows how someone who will run the code (or a sysadmin) could add an entry in a policy file granting the code permission for the resource accesses it needs.

    Exchanging Files [Tools] shows use of the tools by one party to sign an important document, such as a contract, and export the public key certificate for the public key corresponding to the private key used to sign the contract. Then it shows how another party, who receives the contract, the signature, and the public key certificate, can use keytool to import the certificate and the jarsigner tool to verify the signature.

    Generating and Verifying Signatures [API] walks you step by step through an example of writing a Java program using the JDK Security API to generate keys, generate a digital signature for data using the private key, and export the public key and the signature to files. Then it shows writing a second program (which may be expected to run on a different person's computer) that imports the public key and verifies the authenticity of the signature. Finally, it discusses potential weaknesses of the approach used by the basic programs and demonstrates possible alternative approaches and methods of supplying and importing keys, including in certificates.

    Implementing Your Own Permission demonstrates how to write a class that defines its own special permission.

    Summaries provides summaries of

    • general security and JDK security-specific terminology and concepts
    • the JDK Security API
    • the security-related tools
    • the security-related files

    Additional Documentation

    The JDK 1.2 security release documentation can be found with the rest of the release documentation at the public web site http://java.sun.com/products/jdk/1.2/docs/guide/index.html.

    Please send comments about this trail to: tutorial@java.sun.com. In your message, place security1.2 in the subject header. Your feedback is important to us!

