- A certificate is the public key of a key-pair, combined with information identifying the key's owner and signed by the private key of a certificate authority. The signature of the certificate authority provides some guarantee that the public key in the certificate corresponds to the ownership information. A certificate is the online equivalent of an ID card: it can be used to sign files, and to verify the origin of a signed file.
- By using a certificate, a developer can sign a web page and its associated code. A signing program, like Netscape's SignTool, first compresses the files to be signed. The program uses the user's certificate to generate a signature unique to the user and the signed files. This signature is included with the files in a JAR file. If the contents of the JAR file are modified after signing, the user's browser will be able to tell, and the signature will be invalid.
- JAR file
JAR (for Java Archive) is a format for associating digital signatures, security information, or other meta-data with a file or group of files. It is based on the common zipfile format. The MIME-type application/java-archive is associated with jar files.
JAR files are accessed using the following
capsapp.jar is the archive file, and getprefs.html is the desired file within capsapp.jar
- A privilege (sometimes referred to as a "capability") is a special identifier which gives scripts an enhanced level of access to a user's computer. Because of the potential damage (either malicious or accidental) a script with privileges can inflict on a user's computer, Mozilla requires scripts requesting extended privileges to be signed with a valid certificate. Signing identifies the entity responsible for the script, and provides evidence of any modification to the script after signing.
- Certificate Authority
A certificate authority (CA) is an organization that creates and signs certificates. Charge usually varies with use. Personal certificates, often used for signing e-mail, can be as low as $19.95/year, while developer certificates can be as expensive as $695/year or more. Other sites allow users to register certificates for free. CAs provide certificates not only for signing email and scripts, but also for SSL servers and legal documents.
Some CAs (from dmoz.org):
Ident Trust (P)
Equifax Secure (P)
Inter Clear (P)
Texstar Technologies Inc. (P)
Thawte Digital Certificate Services (F)
The USERTRUST Network (P)
P - Site charges for certificates. F - Site has free certificates available (usually only for personal use).
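
The signed-script and JAR file entries above say that a browser can tell when the contents of a signed JAR change after signing. The following added example (not code from this page or from SignTool) shows the per-file digest comparison that makes this possible; it does not verify the CA-signed signature over the manifest. Assumptions: SHA-256 digests, manifest lines short enough not to need wrapping, and constructed file names and contents; all function names are hypothetical.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"
SAMPLE = {"getprefs.html": b"<html>prefs page</html>", "prefs.js": b"// script"}  # constructed

def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_jar(files):
    """Build an in-memory JAR whose manifest records one digest per file."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest(data)}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(MANIFEST, "\r\n".join(lines) + "\r\n")
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()

def parse_manifest(text):
    """Return {entry name: base64 digest} from the per-entry manifest sections."""
    digests = {}
    for section in text.replace("\r\n", "\n").split("\n\n"):
        attrs = dict(ln.split(": ", 1) for ln in section.split("\n") if ": " in ln)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests

def verify_jar(jar_bytes):
    """Return sorted names of entries that are modified, missing or unlisted."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        listed = parse_manifest(jar.read(MANIFEST).decode())
        present = {n for n in jar.namelist() if not n.startswith("META-INF/")}
        bad = present ^ set(listed)  # unlisted additions and listed-but-missing files
        for name in present & set(listed):
            if digest(jar.read(name)) != listed[name]:
                bad.add(name)
    return sorted(bad)

def tamper(jar_bytes, name, new_data):
    """Rewrite one entry but keep the old manifest (a change made after signing)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            body = new_data if info.filename == name else src.read(info.filename)
            dst.writestr(info.filename, body)
    return out.getvalue()
```

In a real signed JAR the manifest itself is covered by the signer's signature, so an attacker cannot simply recompute the digests to hide a change.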