Signing applets for JDBC-ODBC use locally with java.sql.*

Sometimes you get really frustrated because when you finally got the code right the security
issues hit you right in the face.
The next part of my scratchbook is about how to connect to a local MSACCESS database
with signed jar files.
Prerequisits:

You've set the Data Source Administration for MsAccess 97 under WinNT or MsAccess 7.0 under Windows 95.
you've created the Java code to connect to the database

After this you'll get the following error about checkpackage from either the appletviewer or netscape Java Console.

sun.applet.AppletSecurityException: checkpackageaccess
at sun.applet.AppletSecurity.checkPackageAccess(AppletSecurity.java:628)

at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:187)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at NorthWind.(NorthWind.java:21)
at NorthWindApp.init(NorthWindApp.java:32)
at sun.applet.AppletPanel.run(AppletPanel.java:287)
at java.lang.Thread.run(Thread.java:474)
sun.applet.AppletSecurityException: checkpackageaccess
at sun.applet.AppletSecurity.checkPackageAccess(AppletSecurity.java:628)

This means that the jar file or classes you used are not signed for use.

Then the question is: How to sign the package?
First you have to create a signer user before you can sign your jar-package. If we consider this we will have to follow the following steps.
if you already have a signer skip the first part, check this by using javakey -ld.

Signing is done in the following steps:

First part:

create a user as a signer

generating keys for the signer

generating certificates (cert_directive)

Second part:

create jar files

javakey -gs sign_directive northwind.jar (sign_directive)

javac -d . -classpath %CLASSPATH% NorthWind.java NorthWindApp.java

echo creating signatures as kaana signer
javakey -cs "kaana" true
echo generating Keys for kaana signer
javakey -gk "kaana" DSA 512 kaana

echo generating certificates
javakey -gc cert_directive

:create_jar
echo creating NorthWind.jar files
del *.jar
jar cf northwind.jar *.class

echo generating signatures...
javakey -gs sign_directive northwind.jar
del *.jar
move northwind.jar.sig northwind.jar

Certificate directive

The certificate directive is used to create a user that creates certificates. Later this certificate will be used to sign to the applet by the signer.

#
# This is a sample certificate directive file.
#

# the id of the signer

issuer.name=kaana

# the cert to use for the signing (this is where it gets it DN)

issuer.cert=1

# the id of the subject

subject.name=kaana

# the components of the X500 name for the subject

subject.real.name=Andre Kaan
subject.org.unit=HIB
subject.org=Gemeentelijk Havenbedrijf Rotterdam
subject.country=NL

# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).

start.date=10 Dec 1996
end.date=1 Sept 1998 life span of the certificate
serial.number=1001 must be unique number for every package
out.file=duke.x509

Sign directive
The Sign Directive is used to sign packages, applets and jars.

#
# Jar signing directive. This is the directive file used by javakey to
# sign a jar file.
#

# Which signer to use. This must be in the system's database.

signer=kaana

# Cert number to use for this signer. This determines which
# certificate will be included in the PKCS7 block. This is mandatory
# and is 1 based.

cert=1

# Cert chain depth of a chain of certificate to include. This is
# currently not supported.

chain=0

# The name to give to the signature file and associated signature
# block. (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8
# characters or less.

signature.file=jdbcSig