是否可以免费签署 Java 小程序?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1856552/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is it possible to sign a java applet for free?
提问by Nathan
I made a weird applet which allows you to paint with your voice. Obviously it requires access to the microphone, but Java applets are not allowed access unless they are signed. As far as I can tell its difficult and involves cryptography, and, though its not clear, I think that I'm expected to pay MONEY to Verisign as well. This all seems like a lot of paranoid innovation stifling bullsh** to me and I figure I'm not the first person to think so.
我做了一个奇怪的小程序,它可以让你用你的声音作画。显然它需要访问麦克风,但 Java 小程序除非经过签名,否则不允许访问。据我所知,它很困难并且涉及密码学,虽然不清楚,但我认为我也应该向 Verisign 支付金钱。对我来说,这一切似乎是许多偏执的创新扼杀了牛市**,我想我不是第一个这么认为的人。
Is there just some way to bypass this "for educational or testing purposes?" or maybe turn off the security in my browser? or sign the applet for free?
有没有办法绕过这个“出于教育或测试目的”?或者关闭浏览器中的安全性?或免费签署小程序?
I'm on Ubuntu 9.04 with Firefox 3.0.15 and Java 1.6.0
我使用 Ubuntu 9.04 和 Firefox 3.0.15 和 Java 1.6.0
回答by Alexander Pogrebnyak
You may go one step further and setup your own CA with OpenSSL.
您可能会走一步,并设置自己的CA与OpenSSL的。
This will allow you to create your own root certificate and generate any number of signing or SSL sertificates. You may then distribute your root certificate to your friends and ask them to install it in their respective browsers. After that the certificate chain for certificates create by your CA will always be valid and not self-signed ( many browsers look down on self-signed certs ).
这将允许您创建自己的根证书并生成任意数量的签名或 SSL 证书。然后,您可以将您的根证书分发给您的朋友,并要求他们在各自的浏览器中安装它。之后,由您的 CA 创建的证书的证书链将始终有效并且不是自签名的(许多浏览器看不起自签名证书)。
If you are going to work with OpenSSL CA you may need pkeytoolto import private key into java keystore file.
如果您打算使用 OpenSSL CA,您可能需要pkeytool将私钥导入 java 密钥库文件。
回答by Dan Dyer
You can create a self-signed certificate using the Java keytool. It's sufficient for educational or testing purposes, but if you deploy code signed with it, people are unlikely to trust it.
您可以使用 Java 密钥工具创建自签名证书。它足以用于教育或测试目的,但如果您部署用它签名的代码,人们就不太可能信任它。
I think Thawte used to offer a free e-mail signing certificate that could also be used for signing code. I'm not sure if that is still the case.
我认为 Thawte 曾经提供免费的电子邮件签名证书,该证书也可用于签名代码。我不确定是否仍然如此。
