Free Online Courses for Software Developers - MrBool
× Please, log in to give us a feedback. Click here to login

You must be logged to download. Click here to login


MrBool is totally free and you can help us to help the Developers Community around the world

Yes, I'd like to help the MrBool and the Developers Community before download

No, I'd like to download without make the donation


MrBool is totally free and you can help us to help the Developers Community around the world

Yes, I'd like to help the MrBool and the Developers Community before download

No, I'd like to download without make the donation

What is self signed applet

In this article we will discuss about the self signed applet. Signed applet ensures the security issues and the user can trust on its behavior.


To start with, we must understand the difference between an applet and application from security perspective. Java virtual machine (JVM) controls applets within a different security region compared to applications. Java applications are by default considered as trusted. The JVM specification assumes that an application is controlled by the developer so it is user’s responsibility to check the security aspect. So java application code is considered as trusted and it is not the responsibility of the JVM to take care of the security. On the other hand applets are controlled by the browser and it starts automatically by the browser after download. So the users are not expected to take the responsibility of the behavior of the applet because they are not aware of the activities of the downloaded applet. So an applet is considered as un-trused by nature and there are a lot of restrictions on the applet side. As a result applets are signed by its creator to make it trusted and the user must have the required certificate installed during applet download

Need for self signed applet

As we know that applets are by default unsigned and hence not trusted. So there are some restrictions that an unsigned applet cannot perform. Following are the restrictions:

  • Access the user’s local file system and perform I/O operations.
  • Read system properties from the system like user home, java home etc.
  • Open a socket connection to a different server from the web server that hosts the applet.

The above restrictions are imposed on an unsigned applet. So if the applet needs to perform I/O operation or need to access some server then it needs to be signed using a certificate. Following are the two types of signed applets:

  • Self signed applets: This is called a self signed applet signed by the developers themselves
  • Signed applets by certificate authority: This is an Applet signed by a certificate authority. The signature is verified by the browser by connecting to a remotely running independent server by the certificate authority.

Once the applet is signed by any of the above procedure then it becomes trusted applet. Now the browser can download and start a signed applet (self signed or using security authority). The applet will automatically request permission to run outside the security sandbox. If the user grants permission by clicking on the popup, the applet is considered as trusted applet and the responsibility goes to the user who has grants permission. The signed applet is also called a privileged applet which can run outside the security sandbox.

Now we will create a sample applet class and sign it using self signature.

Listing 1: The sample is an applet for user input and output file creation

import java.awt.*;
import java.applet.*;
import java.awt.event.*;

 * @author kaushik Pal
public class UserInput extends Applet implements ActionListener{
      // Create components
	TextField key_text1,key_text2,key_output;
      Label key_label1,key_label2,key_label3;
      Button key_button;

      public void init(){
    	// Create layout  
        // Add different components to the layout.
        key_label1 = new Label("Enter Keyword1: ");

        key_text1 = new TextField(5);

        key_label2 = new Label("Enter Keyword2: ");

        key_text2 = new TextField(5);

        key_label3 = new Label("Keywords are: ");

        key_output = new TextField(5);

        key_button = new Button("Get keywords");
        // Add action listener
      public void actionPerformed(ActionEvent ae){
        	Test t = new Test();
        	// String to get the user input texts
        	String str1= key_text1.getText();
        	String str2= key_text2.getText();
        	// Show output on the third text box
		        // Create out put file
	        	FileWriter fstream = new FileWriter("output.txt",true);
		        BufferedWriter out = new BufferedWriter(fstream);
		        // Write to the file
	            // Flush the out put to the file
	        catch (Exception e)

Now we will create an html file to display the applet through browser.

Listing 2: The sample html file containing the applet

<title>Signed Applet Example</title> 

Creating self signed Applet

Now we will discuss the process of creating a self certificate and sign the above created applet.

Following are the three steps to create a self-signed Applet.

  • First: Creating a public and private key pair.
  • Second: Create a certificate for the key pair created in the above step.
  • Third: Associate the certificate with the JAR file which contains the Applet

Let us discuss something about a utility known as 'keytool' provided by the JDK. It is used to create public and private key pairs. During creation, the tool prompts for password and many other parameters that are stored into the digital signature. After this a file known as key-store is created in the current directory. The key-store file contains the public and private key pair. The key-store as the name suggests, can contain more than one key pair, and each key pair is given an alias name which uniquely identifies it.

Following are the commands to create key pairs using ‘keytool’. If the user is creating the key-store file for the first time, then a new file will be created otherwise only a new key pair with the alias name is added to this file.

First: Create a key-store

Listing 3: The following is showing the creation of a key-store

$ keytool -genkey -keystore newkeystore -alias newalias
Enter keystore password:  password123
What is your first and last name?
  [Unknown]:  kaushik
What is the name of your organizational unit?
  [Unknown]:  software
What is the name of your organization?
  [Unknown]:  testorg
What is the name of your City or Locality?
  [Unknown]:  kolkata
What is the name of your State or Province?
  [Unknown]:  WB
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=kaushik, OU=software, O=testorg , L=kolkata, ST=WB, C=IN correct?
  [no]:  yes
Enter key password for <newalias>
        (RETURN if same as keystore password):


The second step is to create a digital certificate for signing the applet. This is also done by using 'keytool' utility. The certificate is stored in the same key store file created in frist step. The following code demonstrates the creating of the certificate.

Listing 4: Sample showing certificate creation

$ keytool -selfcert -keystore newkeystore -alias newalias
Enter keystore password:  password123


The third step in self-signing the Applet using the digital certificate created in second step. But before signing the applet, it has to be included in a jar file. Please remember, only applets contained in a jar file can be signed. Following is the command to certify the applet jar.

Listing 5: Sample code to sign the applet jar file

$ jarsigner -keystore newkeystore SignedApplet.jar newalias
Enter keystore password:  password123

Warning: The signer certificate will expire within six months.

This process creates a hash for each applet class in a jar and signs them with the private key created in step one. The hashs, public key and certificate are added to the META-INF directory of the particular JAR file.

After signing a jar, its content cannot be modified. If the user changes something then the hashes computed by the jar signer tool will become invalid. Once all the steps are complete, the signed jar can be included into the html file. Please remember, all the files like jar, html and class should be kept in the same folder. Otherwise proper path must be mentioned in the html. Now when the applet loads in the browser, user will get a pop up, once the pop up is accepted, the applet will start working as a trusted applet.


To conclude the discussion, we can say that an applet is a useful java component and it is used widely in different critical application. So the security of the applet must be ensured to protect the user's interest. Self signed applets can be used during development phase but in production, the applet must be signed by a proper security authority.

Website: Have 16 years of experience as a technical architect and software consultant in enterprise application and product development. Have interest in new technology and innovation area along with technical...

What did you think of this post?
To have full access to this post (or download the associated files) you must have MrBool Credits.

  See the prices for this post in Mr.Bool Credits System below:

Individually – in this case the price for this post is US$ 0,00 (Buy it now)
in this case you will buy only this video by paying the full price with no discount.

Package of 10 credits - in this case the price for this post is US$ 0,00
This subscription is ideal if you want to download few videos. In this plan you will receive a discount of 50% in each video. Subscribe for this package!

Package of 50 credits – in this case the price for this post is US$ 0,00
This subscription is ideal if you want to download several videos. In this plan you will receive a discount of 83% in each video. Subscribe for this package!

> More info about MrBool Credits
You must be logged to download.

Click here to login