Microsoft SDK for Java

Signing a Cabinet File with Java Permissions

To sign a cabinet file with Java permissions, use the signcode utility and specify the -j JavaSign.dll option. You can also use the -jp option to specify the exact permissions in the signature.

The command line for signcode with Java permission information is as follows:

signcode [options] -j JavaSign.dll [-jp level] [more options] cabfile.cab

Note the following about this command line:

The -j JavaSign.dll option tells signcode to use Java permission information.

The -jp level option specifies the security level to encode in the cabinet file. The level string must appear immediately after the -j parameter. You can use any of the following flags.

Security Level Flags Use For
Low, Medium, or High Cabinet files containing only Java code
LowX, MediumX, or HighX Cabinet files containing Java code and ActiveX controls

If the –jp option is not specified, a default level of LowX will be used. Note that if your cabinet file contains only ActiveX controls, you should not sign it with Java permissions. See Cabinet File Permission Levels for more information about these security levels.

You can set custom permissions instead of using one of these predefined security levels. Custom permissions must be defined in a permissions .ini file, which can be created by hand or by using the piniedit tool. For additional information on creating the .ini file, see Java Permissions .INI Values Reference. To use a custom permissions file with signcode, use the –jp option and specify the .ini file name instead of the security level. For example:

signcode -j JavaSign.dll -jp SamplePerms.ini MyCabFile.cab

Cabinet File Signing Procedure

The following steps show how to sign a cabinet file with Java permissions using signcode and several other tools provided by the Microsoft SDK for Java.

  1. Create a certificate with the makecert utility.
    C:\..\>makecert -sk MyKeyName -n "CN=My Publisher Name" MyTestCert.cer
    
  2. Turn your certificate into a test Software Publisher Certificate (SPC) using the cert2spc utility. A valid SPC is obtained from a Certification Authority.
    C:\..\>cert2spc MyTestCert.cer MyTestCert.spc
    
  3. Use signcode to sign the cabinet file with the permissions. The following command line signs MyApplet.cab with medium permissions, using the key and certificate created previously.
    C:\..\>signcode -j javasign.dll -jp medium -spc MyTestCert.spc
       -k MyKeyName MyApplet.cab
    
  4. Use the chkjava utility to verify that the appropriate permissions have been correctly encoded in the file.
    C:\..\>chkjava MyApplet.cab
    

For more information on all the parameters for makecert, cert2spc, signcode, and chkjava, see the Microsoft SDK for Java Tools Reference.

© 1999 Microsoft Corporation. All rights reserved. Terms of use.