Has anyone successfully used signature timestamps in a Java applet?

Question

Has anyone successfully used signature timestamps in a Java applet?

Java 1.5 has added an improvement to support subscription timestamps. The idea, as far as I can tell, is that signed jar files should not become invalid just because the code signing certificate has expired if the files were signed while the certificate is valid. Theoretically, this means that we do not need to re-sign and relocate our applications every year when the certificate expires. Unfortunately, this implementation seems to have problems based on these two forums:

http://forums.sun.com/thread.jspa?threadID=744677
http://forums.sun.com/thread.jspa?threadID=5309004

I'm about to start testing this, but I was wondering if anyone managed to successfully do this without importing a timestamping certificate on the client (which could damage the whole target)?

+5

java security applet

Jason day Jan 12 '09 at 16:11

source share

2 answers

Unfortunately, this feature is currently completely useless. It's easy to add a timestamp when signing a jar file, just add this parameter to the command jarsigner:

-tsa https://timestamp.geotrust.com/tsa

URL- timestamping Thawte. , CA -- Thawte CA Java, . , , "", "".

" ", , , CA , keytool . , , , .

, . , timestamping CA cert Java .

+4

Jason Day 14 . '09 16:06

Sean mullan · Accepted Answer · 2010-02-03T14:39:07+0000

The Thawte TSA root certificate was added to the Sun JRE cacerts file in the 6u10 and 5.0u18 files.

Has anyone successfully used signature timestamps in a Java applet?

More articles: