Previous | Next | Trail Map | Security in JDK 1.2  | Signing Code and Granting It Permissions [Tools]

Import the Certificate as a Trusted Certificate

Before you can grant the signed code permission to read a specified file, you need to import Susan's certificate as a "trusted certificate" in your keystore.

Suppose you have received from Susan Jones

Even though you actually created these files, and they haven't actually been transported anywhere, you can simulate being someone other than the creater and sender Susan. Pretend you are now someone else, say Ray. Acting as Ray, you will create a keystore named raystore and will use it to import the certificate into an entry with an alias of "susan".

A keystore is created whenever you use a keytool command specifying a keystore that doesn't yet exist. Thus, we can create the raystore and import the certificate via the following.

In your command window:

  1. Go to the directory containing the public key certificate file SusanJones.cer. (You should actually already be there, since this lesson assumes you stay in a single directory throughout.)

  2. Type the following command:
        keytool -import -alias susan -file SusanJones.cer -keystore raystore
    
Since the keystore doesn't yet exist, it will be created and you will be prompted for a keystore password; type whatever password you want.

keytool will print out the certificate information and ask you to verify it, e.g., by comparing the displayed certificate fingerprints with the fingerprints obtained from some other (trusted) source of information. (Each fingerprint is a relatively short number that uniquely and reliably identifies the certificate.) For example, in the real world, you might call up Susan and ask her what the fingerprints should be. She can get the fingerprints of the SusanJones.cer file she created by executing the command

    keytool -printcert -file SusanJones.cer
If the fingerprints she sees are the same as the ones reported to you by keytool, the certificate has not been modified in transit. In that case, you let keytool proceed with placing a "trusted certificate" entry in the keystore. The entry contains the public key certificate data from the file SusanJones.cer, and is assigned the alias "susan".


Previous | Next | Trail Map | Security in JDK 1.2  | Signing Code and Granting It Permissions [Tools]