==================================
SIGNING THE APPLET
==================================

Why does the applet need to be signed?
-----------------------------------------

Applets have some security restrictions that, by default, keep them from
accessing certain system resources. In the context of Ekit, the restrictions
you are most likely to notice are (1) no access to the cut-and-paste clipboard
used by other desktop applications and (2) no image support.

In order to enable these features in the applet, an applet must be "trusted"
by the browser. This means the applet has to be "signed" with a security
certificate, and the user has to tell the browser to accept that certficate.

I have signed the included EkitApplet.jar with a homemade security certificate.
When you open the signed applet in a browser, a dialog should appear asking if
you want to "trust" the applet. If you answer "yes" or "always", the security
certificate will be accepted and the restricted features will be enabled.


Do I need to do anything special?
-----------------------------------------

If you are using the applet JAR file as-is, without any changes, then no, you
don't need to do anything other than accept the certifcate when asked by your
browser.

However, if you change the applet code and rebuild the JAR file, it will need
to be signed again. Otherwise, the restricted features will stay blocked.


How do I sign the applet myself?
-----------------------------------------

Normally, you would purchase a security certificate from a certification
authority (CA), such as Thawte or Verisign. However, many people are using
Ekit internally within their organization, and can control the access
granted to users. In those situations, it is acceptable to sign the applet
yourself and instruct your users to allow the applet to be trusted.

Here are the steps to signing an applet JAR file on your own.
You will need to have the Java JDK installed, as this uses tools included
in that package.


==================================
HOW TO SELF-SIGN THE APPLET JAR
==================================

(all following steps should be performed in a shell/commandline environment)

Generate A Security Key
-----------------------------------------

Execute the following command at the prompt:

    keytool -genkey -keyalg rsa -alias ekitkey -validity 365

Answer the questions at each prompt:

    Enter keystore password: ********
    What is your first and last name?
        [Unknown]:  Your Name
    What is the name of your organizational unit?
        [Unknown]:  Division
    What is the name of your organization?
        [Unknown]:  Organization
    What is the name of your City or Locality?
        [Unknown]:  City
    What is the name of your State or Province?
        [Unknown]:  State
    What is the two-letter country code for this unit?
        [Unknown]:  XX

Sign The Applet Jar
-----------------------------------------

Execute the following command at the prompt:

    jarsigner ekitapplet.jar ekitkey

You will need to enter the password for the keystore again, and then the JAR
file will be signed.

After that you can upload it to the web and use it just like the JAR that comes
with this distribution. Users will need to accept the certificate you created,
as stated above.

