@@ -308,11 +308,7 @@ When a JAR file is signed multiple times, there are multiple \f3\&.SF\fR and \f3
...
@@ -308,11 +308,7 @@ When a JAR file is signed multiple times, there are multiple \f3\&.SF\fR and \f3
.nf
.nf
\f3KEVIN\&.DSA\fP
\f3KEVIN\&.DSA\fP
.fi
.fi
.nf
\f3\fR
.fi
.sp
.sp
\fINote:\fR It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1\&.1 by the \f3javakey\fR command and others by \f3jarsigner\fR\&. The \f3jarsigner\fR command can be used to sign JAR files that are already signed with the \f3javakey\fR command\&.
.SH OPTIONS
.SH OPTIONS
The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
.TP 0.2i
.TP 0.2i
...
@@ -443,7 +439,7 @@ If this option is not specified, then \f3SHA256\fR is used\&. There must either
...
@@ -443,7 +439,7 @@ If this option is not specified, then \f3SHA256\fR is used\&. There must either
.br
.br
If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&. If the signer comes from a JDK 1\&.1 identity database instead of from a keystore, then the alias name displays in brackets instead of parentheses\&.
The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&.
.TP
.TP
-certchain \fIfile\fR
-certchain \fIfile\fR
.br
.br
...
@@ -797,178 +793,6 @@ If you specify the \f3-certs\fR option with the \f3-verify\fR and \f3-verbose\fR
...
@@ -797,178 +793,6 @@ If you specify the \f3-certs\fR option with the \f3-verify\fR and \f3-verbose\fR
.fi
.fi
.sp
.sp
If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
If a JAR file was signed with the JDK 1\&.1 \f3javakey\fR tool, and the signer is an alias in an identity database, then the verification output includes an \f3i\fR\&. If the JAR file was signed by both an alias in an identity database and an alias in a keystore, then both \f3k\fR and \f3i\fR appear\&.
.PP
When the \f3-certs\fR option is used, any identity database aliases are shown in brackets rather than the parentheses used for keystore aliases, for example:
\f3 k = at least one certificate was found in keystore\fP
.fi
.nf
\f3 i = at least one certificate was found in identity scope\fP
.fi
.nf
\f3\fR
.fi
.nf
\f3 jar verified\&.\fP
.fi
.nf
\f3\fR
.fi
.sp
\fINote:\fR The alias \f3duke\fR is in brackets to denote that it is an identity database alias, and not a keystore alias\&.
.SH JDK\ 1\&.1\ COMPATIBILITY
The \f3keytool\fR and \f3jarsigner\fR tools replace the \f3javakey\fR tool in JDK 1\&.1\&. These new tools provide more features than \f3javakey\fR, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them\&.
.PP
The new keystore architecture replaces the identity database that \f3javakey\fR created and managed\&. There is no backward compatibility between the keystore format and the database format used by \f3javakey\fR in JDK 1\&.1\&. However, be aware of the following:
.TP 0.2i
\(bu
It is possible to import the information from an identity database into a keystore through the \f3keytool -identitydb\fR command\&.
.TP 0.2i
\(bu
The \f3jarsigner\fR command can sign JAR files that were signed with the \f3javakey\fR command\&.
.TP 0.2i
\(bu
The \f3jarsigner\fR command can verify JAR files signed with \f3javakey\fR\&. The \f3jarsigner\fR command recognizes and can work with signer aliases that are from a JDK 1\&.1 identity database rather than a JDK keystore\&.
.SS UNSIGNED\ JARS
Unsigned JARs have the default privileges that are granted to all code\&.
.SS SIGNED\ JARS
Signed JARs have the privilege configurations based on their JDK 1\&.1\&.\fIn\fR identity and policy file status as described\&. Only trusted identities can be imported into the JDK keystore\&.
.PP
Default Privileges Granted to All Code
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: Yes/Untrusted
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.br
See 3 in Notes Regarding Privileges of Signed JARs\&.
.PP
.PP
Identity in 1\&.1 database: Yes/Untrusted
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 1 and 3 in Notes Regarding Privileges of Signed JARs\&.
.PP
Default Privileges and Policy File Privileges Granted
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.PP
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 2 in Notes Regarding Privileges of Signed JARs\&.
.PP
All Privileges Granted
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.br
See 1 in Notes Regarding Privileges of Signed JARs\&.
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 1 in Notes Regarding Privileges of Signed JARs\&.
.PP
Notes Regarding Privileges of Signed JARs
.TP 0.4i
1\&.
If an identity or alias is mentioned in the policy file, then it must be imported into the keystore for the policy file to have any effect on privileges granted\&.
.TP 0.4i
2\&.
The policy file/keystore combination has precedence over a trusted identity in the identity database\&.
.TP 0.4i
3\&.
Untrusted identities are ignored in the Java platform\&.
@@ -308,11 +308,7 @@ When a JAR file is signed multiple times, there are multiple \f3\&.SF\fR and \f3
...
@@ -308,11 +308,7 @@ When a JAR file is signed multiple times, there are multiple \f3\&.SF\fR and \f3
.nf
.nf
\f3KEVIN\&.DSA\fP
\f3KEVIN\&.DSA\fP
.fi
.fi
.nf
\f3\fR
.fi
.sp
.sp
\fINote:\fR It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1\&.1 by the \f3javakey\fR command and others by \f3jarsigner\fR\&. The \f3jarsigner\fR command can be used to sign JAR files that are already signed with the \f3javakey\fR command\&.
.SH OPTIONS
.SH OPTIONS
The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
.TP 0.2i
.TP 0.2i
...
@@ -443,7 +439,7 @@ If this option is not specified, then \f3SHA256\fR is used\&. There must either
...
@@ -443,7 +439,7 @@ If this option is not specified, then \f3SHA256\fR is used\&. There must either
.br
.br
If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&. If the signer comes from a JDK 1\&.1 identity database instead of from a keystore, then the alias name displays in brackets instead of parentheses\&.
The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&.
.TP
.TP
-certchain \fIfile\fR
-certchain \fIfile\fR
.br
.br
...
@@ -797,178 +793,6 @@ If you specify the \f3-certs\fR option with the \f3-verify\fR and \f3-verbose\fR
...
@@ -797,178 +793,6 @@ If you specify the \f3-certs\fR option with the \f3-verify\fR and \f3-verbose\fR
.fi
.fi
.sp
.sp
If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
If a JAR file was signed with the JDK 1\&.1 \f3javakey\fR tool, and the signer is an alias in an identity database, then the verification output includes an \f3i\fR\&. If the JAR file was signed by both an alias in an identity database and an alias in a keystore, then both \f3k\fR and \f3i\fR appear\&.
.PP
When the \f3-certs\fR option is used, any identity database aliases are shown in brackets rather than the parentheses used for keystore aliases, for example:
\f3 k = at least one certificate was found in keystore\fP
.fi
.nf
\f3 i = at least one certificate was found in identity scope\fP
.fi
.nf
\f3\fR
.fi
.nf
\f3 jar verified\&.\fP
.fi
.nf
\f3\fR
.fi
.sp
\fINote:\fR The alias \f3duke\fR is in brackets to denote that it is an identity database alias, and not a keystore alias\&.
.SH JDK\ 1\&.1\ COMPATIBILITY
The \f3keytool\fR and \f3jarsigner\fR tools replace the \f3javakey\fR tool in JDK 1\&.1\&. These new tools provide more features than \f3javakey\fR, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them\&.
.PP
The new keystore architecture replaces the identity database that \f3javakey\fR created and managed\&. There is no backward compatibility between the keystore format and the database format used by \f3javakey\fR in JDK 1\&.1\&. However, be aware of the following:
.TP 0.2i
\(bu
It is possible to import the information from an identity database into a keystore through the \f3keytool -identitydb\fR command\&.
.TP 0.2i
\(bu
The \f3jarsigner\fR command can sign JAR files that were signed with the \f3javakey\fR command\&.
.TP 0.2i
\(bu
The \f3jarsigner\fR command can verify JAR files signed with \f3javakey\fR\&. The \f3jarsigner\fR command recognizes and can work with signer aliases that are from a JDK 1\&.1 identity database rather than a JDK keystore\&.
.SS UNSIGNED\ JARS
Unsigned JARs have the default privileges that are granted to all code\&.
.SS SIGNED\ JARS
Signed JARs have the privilege configurations based on their JDK 1\&.1\&.\fIn\fR identity and policy file status as described\&. Only trusted identities can be imported into the JDK keystore\&.
.PP
Default Privileges Granted to All Code
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: Yes/Untrusted
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.br
See 3 in Notes Regarding Privileges of Signed JARs\&.
.PP
.PP
Identity in 1\&.1 database: Yes/Untrusted
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 1 and 3 in Notes Regarding Privileges of Signed JARs\&.
.PP
Default Privileges and Policy File Privileges Granted
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.PP
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 2 in Notes Regarding Privileges of Signed JARs\&.
.PP
All Privileges Granted
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.br
See 1 in Notes Regarding Privileges of Signed JARs\&.
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 1 in Notes Regarding Privileges of Signed JARs\&.
.PP
Notes Regarding Privileges of Signed JARs
.TP 0.4i
1\&.
If an identity or alias is mentioned in the policy file, then it must be imported into the keystore for the policy file to have any effect on privileges granted\&.
.TP 0.4i
2\&.
The policy file/keystore combination has precedence over a trusted identity in the identity database\&.
.TP 0.4i
3\&.
Untrusted identities are ignored in the Java platform\&.
@@ -308,11 +308,7 @@ When a JAR file is signed multiple times, there are multiple \f3\&.SF\fR and \f3
...
@@ -308,11 +308,7 @@ When a JAR file is signed multiple times, there are multiple \f3\&.SF\fR and \f3
.nf
.nf
\f3KEVIN\&.DSA\fP
\f3KEVIN\&.DSA\fP
.fi
.fi
.nf
\f3\fR
.fi
.sp
.sp
\fINote:\fR It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1\&.1 by the \f3javakey\fR command and others by \f3jarsigner\fR\&. The \f3jarsigner\fR command can be used to sign JAR files that are already signed with the \f3javakey\fR command\&.
.SH OPTIONS
.SH OPTIONS
The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
.TP 0.2i
.TP 0.2i
...
@@ -443,7 +439,7 @@ If this option is not specified, then \f3SHA256\fR is used\&. There must either
...
@@ -443,7 +439,7 @@ If this option is not specified, then \f3SHA256\fR is used\&. There must either
.br
.br
If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&. If the signer comes from a JDK 1\&.1 identity database instead of from a keystore, then the alias name displays in brackets instead of parentheses\&.
The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&.
.TP
.TP
-certchain \fIfile\fR
-certchain \fIfile\fR
.br
.br
...
@@ -797,178 +793,6 @@ If you specify the \f3-certs\fR option with the \f3-verify\fR and \f3-verbose\fR
...
@@ -797,178 +793,6 @@ If you specify the \f3-certs\fR option with the \f3-verify\fR and \f3-verbose\fR
.fi
.fi
.sp
.sp
If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
If a JAR file was signed with the JDK 1\&.1 \f3javakey\fR tool, and the signer is an alias in an identity database, then the verification output includes an \f3i\fR\&. If the JAR file was signed by both an alias in an identity database and an alias in a keystore, then both \f3k\fR and \f3i\fR appear\&.
.PP
When the \f3-certs\fR option is used, any identity database aliases are shown in brackets rather than the parentheses used for keystore aliases, for example:
\f3 k = at least one certificate was found in keystore\fP
.fi
.nf
\f3 i = at least one certificate was found in identity scope\fP
.fi
.nf
\f3\fR
.fi
.nf
\f3 jar verified\&.\fP
.fi
.nf
\f3\fR
.fi
.sp
\fINote:\fR The alias \f3duke\fR is in brackets to denote that it is an identity database alias, and not a keystore alias\&.
.SH JDK\ 1\&.1\ COMPATIBILITY
The \f3keytool\fR and \f3jarsigner\fR tools replace the \f3javakey\fR tool in JDK 1\&.1\&. These new tools provide more features than \f3javakey\fR, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them\&.
.PP
The new keystore architecture replaces the identity database that \f3javakey\fR created and managed\&. There is no backward compatibility between the keystore format and the database format used by \f3javakey\fR in JDK 1\&.1\&. However, be aware of the following:
.TP 0.2i
\(bu
It is possible to import the information from an identity database into a keystore through the \f3keytool -identitydb\fR command\&.
.TP 0.2i
\(bu
The \f3jarsigner\fR command can sign JAR files that were signed with the \f3javakey\fR command\&.
.TP 0.2i
\(bu
The \f3jarsigner\fR command can verify JAR files signed with \f3javakey\fR\&. The \f3jarsigner\fR command recognizes and can work with signer aliases that are from a JDK 1\&.1 identity database rather than a JDK keystore\&.
.SS UNSIGNED\ JARS
Unsigned JARs have the default privileges that are granted to all code\&.
.SS SIGNED\ JARS
Signed JARs have the privilege configurations based on their JDK 1\&.1\&.\fIn\fR identity and policy file status as described\&. Only trusted identities can be imported into the JDK keystore\&.
.PP
Default Privileges Granted to All Code
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: Yes/Untrusted
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.br
See 3 in Notes Regarding Privileges of Signed JARs\&.
.PP
.PP
Identity in 1\&.1 database: Yes/Untrusted
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 1 and 3 in Notes Regarding Privileges of Signed JARs\&.
.PP
Default Privileges and Policy File Privileges Granted
Identity in 1\&.1 database: \fINo\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.PP
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 2 in Notes Regarding Privileges of Signed JARs\&.
.PP
All Privileges Granted
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.PP
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
.br
Policy file grants privileges to identity/alias: \fINo\fR
.br
See 1 in Notes Regarding Privileges of Signed JARs\&.
.PP
Identity in 1\&.1 database: \fIYes/Trusted\fR
.br
Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
.br
Policy file grants privileges to identity/alias: \fIYes\fR
.br
See 1 in Notes Regarding Privileges of Signed JARs\&.
.PP
Notes Regarding Privileges of Signed JARs
.TP 0.4i
1\&.
If an identity or alias is mentioned in the policy file, then it must be imported into the keystore for the policy file to have any effect on privileges granted\&.
.TP 0.4i
2\&.
The policy file/keystore combination has precedence over a trusted identity in the identity database\&.
.TP 0.4i
3\&.
Untrusted identities are ignored in the Java platform\&.
