Signing Software With Netscape Signing Tool 1.1



Chapter 1
Introduction to the Netscape Signing Tool

This chapter reviews basic concepts that you need to understand before you begin using version 1.1 of the Netscape Signing Tool to sign files or JavaScript scripts. If you are already familiar with object-signing concepts, go straight to Chapter 2, "Using the Netscape Signing Tool."

Important: Version .60 of the Netscape Signing Tool (zigbert on the command line) has been superseded by versions 1.0 and 1.1 (signtool on the command line). For information about version .60 of the Netscape Signing Tool, see Signing Software with Netscape Signing Tool .60. You may need this information, for example, to maintain Page Signer Perl scripts based on version .60. Such scripts are unnecessary with 1.0 and later versions of the Netscape Signing Tool. However, Perl scripts written for use with version .60 are still supported in versions 1.0 and 1.1.

Sections in this chapter:

What Is the Netscape Signing Tool?
What's New in Version 1.1
JAR Format and JAR Archives
What Signing a File Means
Public-Key Cryptography and Certificates

For a complete introduction to Object Signing, see Netscape Object Signing: Establishing Trust for Downloaded Software on Netscape DevEdge.

What Is the Netscape Signing Tool?

The Netscape Signing Tool is a stand-alone command-line tool that creates digital signatures and uses the Java Archive (JAR) format to associate them with files in a directory. It is intended for use by system administrators using Netscape Mission Control and by developers who want to distribute software electronically over the Internet.

Netscape Signing Tool 1.1 is available for the following platforms:

This document describes how to use Netscape Signing Tool 1.1 to sign Java applets, JavaScript scripts, plug-ins, and other files and how to package the signed objects in a JAR archive (also called a JAR file), which is a digital envelope for a compressed collection of files. Communicator client software uses JAR archives to install or update software automatically.

Electronic software distribution over any network involves potential security problems. To help address some of these problems, you can associate digital signatures with the files in a JAR archive. Digital signatures allow Communicator to perform two operations that are important to end users:

You do not need to understand the technical details of JAR archives or digital signatures to use the Netscape Signing Tool. However, you do need some familiarity with the concepts described in the rest of this chapter. If you are already familiar with basic object-signing concepts, go straight to Chapter 2, "Using the Netscape Signing Tool."

What's New in Version 1.1

In addition to the capabilities supported by earlier versions of the Netscape Signing Tool, version 1.1 supports new options you can use to

Netscape Signing Tool 1.1 also supports the following new features first introduced in version 1.0:

For a complete list of the Netscape Signing Tool command-line options, see Chapter 3, "SignTool Syntax and Options."

JAR Format and JAR Archives

The Java Archive (JAR) format is a set of conventions for associating digital signatures, installer scripts, and other information with files in a directory. Signing tools such as the Netscape Signing Tool allow you to sign files using the JAR format and package them as a single JAR file. JAR files are used by Communicator client software to support automatic software installation, user-controlled access to local system resources by Java applets, and other features that help address potential security problems.

The JAR file type is a registered Internet MIME type based on the standard cross-platform ZIP archive format. A JAR file functions as a digital envelope for a compressed collection of files. The JAR file type is distinct from the JAR format, which is simply a way of organizing information in a directory.

Because the JAR format doesn't require a digital signature to be stored physically inside the file with which it is associated, JAR files are extremely flexible. You can use the Netscape Signing Tool to sign any files, including Java class files, Communicator plug-ins, or any other kind of document or application. You can also use version 1.1 of the Netscape Signing Tool to sign inline JavaScript scripts.
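
The following added example (not part of the original Netscape documentation or the Signing Tool's own code) shows what "not stored physically inside the file" means in practice: a JAR is a ZIP whose META-INF/MANIFEST.MF records a digest for each file, so a changed or unlisted file can be detected without touching the file itself. It is simplified: the function names and sample data are assumptions, manifest lines are not wrapped, and only the digest layer is checked; verifying the signer's signature over the manifest requires a cryptographic library and is omitted.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"

def b64_sha1(data):
    # Assumption: SHA-1, as tools of this era recorded; current JAR signers use SHA-256.
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def build_jar(files):
    """Pack files into a ZIP whose manifest records one digest per file."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        lines += [f"Name: {name}", f"SHA1-Digest: {b64_sha1(data)}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(MANIFEST, "\n".join(lines))
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()

def rewrite(jar_bytes, changes):
    """Copy an archive, replacing or adding members; anything not named is kept as-is."""
    pending, out = dict(changes), io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            dst.writestr(name, pending.pop(name) if name in pending else src.read(name))
        for name, data in pending.items():
            dst.writestr(name, data)
    return out.getvalue()

def check_jar(jar_bytes):
    """Return {file: 'ok' | 'modified' | 'unlisted' | 'missing'}."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        recorded = {}
        for section in jar.read(MANIFEST).decode().split("\n\n"):
            attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
            if "Name" in attrs and "SHA1-Digest" in attrs:
                recorded[attrs["Name"]] = attrs["SHA1-Digest"]
        results = {}
        # META-INF holds the signing metadata, not payload files, so skip it.
        payload = [n for n in jar.namelist() if not n.startswith("META-INF/")]
        for name in payload:
            listed = name in recorded
            same = listed and recorded[name] == b64_sha1(jar.read(name))
            results[name] = "ok" if same else "modified" if listed else "unlisted"
        results.update({n: "missing" for n in recorded.keys() - results.keys()})
    return results

# Constructed sample payload, not taken from the page.
SAMPLE = {"applet.class": b"\xca\xfe\xba\xbe constructed", "install.js": b"// constructed\n"}
```

A file reported as "unlisted" matters as much as one reported as "modified": it is content that was added to the archive without ever being covered by the signer's manifest.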

You must create a JAR file if you want to take advantage of Communicator's SmartUpdate feature. Communicator can automatically locate, download, and install components, plug-ins, and Java classes on a user's machine, thus freeing the user from this chore. Automatic software installation also helps both software developers who want to distribute software and updates over the Internet and system administrators using Mission Control to manage a corporate intranet.

You don't need to know anything else about the JAR format to use the Netscape Signing Tool, which takes care of the details for you. For detailed information about the JAR format, see The Jar Format on Netscape DevEdge.

For detailed information about using the JAR Installation Manager to package your software for use with SmartUpdate, see Using JAR Installation Manager for SmartUpdate.

What Signing a File Means

If you have a signing certificate, you can use the Netscape Signing Tool to digitally sign files and package them as a JAR file. In general, a certificate is an electronic document used to identify an individual, company, or other entity. An object-signing certificate is a special kind of certificate that allows you to associate your digital signature with one or more files. For a brief overview of certificates, see Public-Key Cryptography and Certificates. For information about obtaining an object-signing certificate, see Object-Signing Tools on Netscape DevEdge.

An individual file can potentially be signed with multiple digital signatures. For example, a commercial software developer might sign the files that constitute a software product to prove that the files are indeed from a particular company. A network administrator might sign the same files with an additional digital signature based on a company-generated certificate to indicate that the product is approved for use within the company.

The significance of a digital signature is comparable to the significance of a handwritten signature. Once you have signed a file, it is difficult to claim later that you didn't sign it. In some situations, a digital signature may be considered as legally binding as a handwritten signature. Therefore, you should take great care to ensure that you can stand behind any file you sign and distribute.

For example, if you are a software developer, you should test your code to make sure it is virus-free before signing it. Similarly, if you are a network administrator, you should make sure, before signing any code, that it comes from a reliable source and will run correctly with the software installed on the machines to which you are distributing it.

Public-Key Cryptography and Certificates

This section provides a brief overview of public-key cryptography in relation to object signing. For a more complete discussion of public-key cryptography and certificates, see Introduction to Public-Key Cryptography.

Public-key cryptography involves a pair of keys associated with each individual or entity that needs to send secure messages electronically: a public key and a private key. Each public key is published, but the corresponding private key is kept secret. Messages encrypted with your private key can be decrypted only with your public key, and messages encrypted with your public key can be decrypted only with your private key.

You can freely distribute a public key, and as long as you keep the corresponding private key safe, only you will be able to read messages encrypted using the public key. You can also use your private key to sign a message with your digital signature, which allows Communicator software (with the aid of your public key) to confirm that the message was signed with your private key and that it hasn't been tampered with since being signed.

To obtain a public key and a corresponding private key for your own use, you must request a certificate from a certificate authority. Certificate authorities (CAs) are trusted entities, such as VeriSign, Thawte and Belsign, that issue certificates after verifying the identities of the persons or organizations requesting them. When you request a certificate, your copy of Communicator generates both a public key and the corresponding private key and sends the public key to the certificate authority. The certificate authority gives you a certificate, which is a digital document that binds a particular public key to an individual or entity. Certificates help prevent the use of fake public keys for impersonation.

A certificate is like a driver's license, a passport, or any other personal ID that provides generally recognized proof of a person's identity. A certificate always includes a public key and the name of the entity it identifies. Most certificates also include an expiration date, the name of the certificate authority that issued the certificate, a serial number, and other information. Most importantly, a certificate includes the digital signature of the certificate authority.

Every digital signature points to a certificate that validates the public key of the signer. Communicator can check the validity of not only the signer's public key but also the certificate issuer's public key, the public key of the authority that issued the certificate issuer's certificate, and so on. This process of checking the certificate hierarchy continues until Communicator reaches a certificate authority that is included in its list of accepted CAs. If Communicator can't successfully traverse the certificate hierarchy and identify a CA included in its list, it won't accept the original digital signature.

In addition to allowing the exchange and verification of encrypted and signed messages, public-key cryptography and certificates facilitate digital signing of files using tools such as the Netscape Signing Tool. However, before you can use the Netscape Signing Tool to sign files, you must have an object-signing certificate, which is a special certificate whose associated private key is used to create digital signatures using Netscape object-signing technology. For information about obtaining your own signing certificate, see Object-Signing Tools on Netscape DevEdge.

Java applets that require special access to local system resources must be signed with the private key associated with an object-signing certificate that Communicator client software can validate. They must also use a set of classes, called the Capabilities classes, that add facilities to and refine the control provided by the standard class java.lang.SecurityManager. The Capabilities classes let Java applets explicitly request the kind of access they need. For information about the Capabilities classes, see Java Capabilities API on Netscape DevEdge.

When you receive an object-signing certificate for your own use, it is automatically installed in your copy of the Communicator client software. Communicator supports the public-key cryptography standard known as PKCS #12, which governs key portability. You can, for example, move an object-signing certificate and its associated private key from one computer to another on a credit-card-sized device called a smart card. For information about using the Netscape Signing Tool with smart cards, see Chapter 6, "Using the Netscape Signing Tool with Smart Cards."

For more information about public-key cryptography and object signing, see Netscape Object Signing: Establishing Trust for Downloaded Software on Netscape DevEdge.



Last Updated: 06/19/98 13:23:45


Copyright © 1998 Netscape Communications Corporation.


Any sample code included above is provided for your use on an "AS IS" basis, under the Netscape License Agreement - Terms of Use