Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Question for deployment: Does JRE Install include keytool, etc?

 
Robert Paris
Ranch Hand
Posts: 585
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to offer clients who install my app an easy way to import my certificate into their keystore and then update their security policy. Does anyone know, if they just have the JRE (no JDK) will that include:
1. keytool
2. default .keystore
3. jarsigner
 
karl koch
Ranch Hand
Posts: 388
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i dont have a clue....but how about you try and tell us :-)
k
 
Cindy Glass
"The Hood"
Sheriff
Posts: 8521
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I believe that this is part of the JCE API.
 
Robert Paris
Ranch Hand
Posts: 585
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks. I'm assuming JCE is not part of JRE?
 
Robert Paris
Ranch Hand
Posts: 585
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, I finally got the answer:
http://java.sun.com/products/jdk/1.2/jre/README.html
Says keytool is optional on all OS's. So that leads me to a question:
1. If the only way I can grant rights to code that is signed is by importing it into a keystore and then in the ".policy" file listing that keystore and the alias name of the certificate with a grant - then how does the JRE do it without keytool? How could I guarantee that I can walk the user through this? There has to be a way. How do applets do this?
 
Cindy Glass
"The Hood"
Sheriff
Posts: 8521
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Robert,
This sounds an awful lot like security to ME.
What kind of an architecture are you using (apparently not Applets). If you just deploy an application on a PC (for instance off a CD or whatever) then there is no security required at all.
 
Robert Paris
Ranch Hand
Posts: 585
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My app can be used two ways:
1. in regular Java Apps
2. In a web App
In both cases, whether or not there is security depends on whether the app (web or other app) that is using my code has turned security on. So I need to be able to execute whether or not security is on. I agree that now this has become a security issue, but that's only because keytool is optional. The main question was: does it have keytool. Since I know it doesn't, I should start a new thread in security which i will do now, asking a diff. question: how do i programmatically create a keystore and import my certificate into it?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic