Thanks for the information Drew.

I think for right now, I am going to continue using the <exec>.

>Don't know of a comparison document.  But I could try to dig up the
>Docs on each from Netscape and Sun if it's important to you.  

Thanks, but you don't have to do that. I will go out to their sites and read
the docs if I need to.


-----Original Message-----
From: Drew Sudell [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 12:35 PM
To: Ant Users List
Subject: Signtool vs. JavaSign


Robert Priest writes:
 > In our build process we sign jars with Netscape's signtool, but I would
 > like to switch that to use javasign and Ant's <SignJar> task.
 > 
 > Is that pretty much an even switch or do I need to be concerned about
 > certain things?
 > 
 > Does anyone know of a comparison document between the two?

Netscape's signtool is essentially a rewrite/extension of Sun's jar
signing tool.  It does a few extra, Netscape-specific things.  The
one that comes to mind is signing JavaScript code in HTML files.
That's important if you want to do something privileged on the client
in a bit of JavaScript.

If you are just signing the class files in the jar, for use by the
classloader or just so you can verify them later as an integrity
check, I don't see any advantage to signtool off the top of my head.

Don't know of a comparison document.  But I could try to dig up the
Docs on each from Netscape and Sun if it's important to you.  The Sun
stuff is pretty well doced in the JDK and JCE docs.  The Netscape
stuff was on their developer site, but if I recall took a bit of
digging to find.

 > 
 > Using <SignJar>, is the keystore attribute the same as the '-d
 > "certificate directory"' argument in signtool?
 > If not, how do you specify a "certificate directory"?

They are similar concepts, but not the same.  The certificates should
be compatible if you export/import them.  [No, I haven't done that.]
But the files themselves are not.  Netscape uses a keystore that is a
couple of DBM files that sit in the certificate directory.  The JSA
keystore concept is a single file that holds both private keys and
certificates.  The format is unspecified, only the interface from Java 
is speced.  But only the keystore provider needs to know the format.
 > 
 > 
 > As of now, I am calling signtool using an <exec> task.

That's about how I used it when I had to sign some javascript code
that deployed into a webapp.  Not sure a task would add much, at
least in my case it would not have.

Drew

-- 
        Drew Sudell     [EMAIL PROTECTED]      http://www.op.net/~asudell
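
The two approaches discussed in this thread, side by side in one Ant build file. This is an added example, not code from either poster; the project layout, paths, alias, nickname and property names are assumptions.

```xml
<project name="sign-demo" default="sign-jarsigner" basedir=".">
  <!-- Hypothetical names: every path, alias, nickname and property below is an assumption. -->
  <property name="jar.file"      value="dist/app.jar"/>
  <property name="classes.dir"   value="build/classes"/>
  <!-- Netscape side: a DIRECTORY holding the DBM certificate/key database files. -->
  <property name="nss.certdir"   value="${user.home}/build-keys/nssdb"/>
  <property name="nss.nickname"  value="Build Signer"/>
  <!-- Java side: a single keystore FILE holding private keys and certificates. -->
  <property name="sign.keystore" value="${user.home}/build-keys/signing.jks"/>
  <property name="sign.alias"    value="build-signer"/>

  <!-- The password is supplied at build time (-Dsign.storepass=...), not stored in the build file. -->
  <target name="check-secrets">
    <fail unless="sign.storepass"
          message="Supply -Dsign.storepass=... when invoking Ant; do not hard-code it."/>
  </target>

  <!-- signtool through exec: -d selects the certificate directory, -k the certificate nickname. -->
  <!-- The -p value appears in the process argument list while signtool runs. -->
  <target name="sign-signtool" depends="check-secrets">
    <exec executable="signtool" failonerror="true">
      <arg value="-d"/> <arg file="${nss.certdir}"/>
      <arg value="-k"/> <arg value="${nss.nickname}"/>
      <arg value="-p"/> <arg value="${sign.storepass}"/>
      <arg value="-Z"/> <arg file="${jar.file}"/>
      <arg file="${classes.dir}"/>
    </exec>
  </target>

  <!-- signjar task: keystore= names the keystore file, alias= the key entry inside it. -->
  <target name="sign-jarsigner" depends="check-secrets">
    <signjar jar="${jar.file}"
             keystore="${sign.keystore}"
             alias="${sign.alias}"
             storepass="${sign.storepass}"/>
    <!-- Fail the build if the signature does not verify. -->
    <verifyjar jar="${jar.file}" certificates="true" verbose="true"/>
  </target>
</project>
```

The `keystore` attribute takes a file path where signtool's `-d` takes a directory, which is why the two values are not interchangeable even when the certificate itself is the same.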
