To sign a cabinet file with Java permissions, use the signcode utility and specify the -j JavaSign.dll option. You can also use the -jp option to specify the exact permissions in the signature.
The command line for signcode with Java permission information is as follows:
signcode [options] -j JavaSign.dll [-jp level] [more options] cabfile.cab
Note the following about this command line:
The -j JavaSign.dll option tells signcode to use Java permission information.
The -jp level option specifies the security level to encode in the cabinet file. The level string must appear immediately after the -j parameter. You can use any of the following flags.
Security Level Flags | Use For |
Low, Medium, or High | Cabinet files containing only Java code |
LowX, MediumX, or HighX | Cabinet files containing Java code and ActiveX controls |
If the –jp option is not specified, a default level of LowX will be used. Note that if your cabinet file contains only ActiveX controls, you should not sign it with Java permissions. See Cabinet File Permission Levels for more information about these security levels.
You can set custom permissions instead of using one of these predefined security levels. Custom permissions must be defined in a permissions .ini file, which can be created by hand or by using the piniedit tool. For additional information on creating the .ini file, see Java Permissions .INI Values Reference. To use a custom permissions file with signcode, use the –jp option and specify the .ini file name instead of the security level. For example:
signcode -j JavaSign.dll -jp SamplePerms.ini MyCabFile.cab
The following steps show how to sign a cabinet file with Java permissions using signcode and several other tools provided by the Microsoft SDK for Java.
C:\..\>makecert -sk MyKeyName -n "CN=My Publisher Name" MyTestCert.cer
C:\..\>cert2spc MyTestCert.cer MyTestCert.spc
C:\..\>signcode -j javasign.dll -jp medium -spc MyTestCert.spc -k MyKeyName MyApplet.cab
C:\..\>chkjava MyApplet.cab
For more information on all the parameters for makecert, cert2spc, signcode, and chkjava, see the Microsoft SDK for Java Tools Reference.