What Signing A File Means; Object-Signing Certificates - Netscape MANAGEMENT SYSTEM 6.0 - COMMAND-LINE Manual

Introduction to Netscape Signing Tool

What Signing a File Means

If you have a signing certificate, you can use Netscape Signing Tool to digitally
sign files and package them as a JAR file. An object-signing certificate is a special
kind of certificate that allows you to associate your digital signature with one or
more files. For information about obtaining an object-signing certificate, see
Object-Signing Tools at this URL:
http://developer.netscape.com/docs/manuals/index.html?content=secur
ity.html
An individual file can potentially be signed with multiple digital signatures. For
example, a commercial software developer might sign the files that constitute a
software product to prove that the files are indeed from a particular company. A
network administrator manager might sign the same files with an additional
digital signature based on a company-generated certificate to indicate that the
product is approved for use within the company.
The significance of a digital signature is comparable to the significance of a
handwritten signature. Once you have signed a file, it is difficult to claim later that
you didn't sign it. In some situations, a digital signature may be considered as
legally binding as a handwritten signature. Therefore, you should take great care to
ensure that you can stand behind any file you sign and distribute.
For example, if you are a software developer, you should test your code to make
sure it is virus-free before signing it. Similarly, if you are a network administrator,
you should make sure, before signing any code, that it comes from a reliable source
and will run correctly with the software installed on the machines to which you are
distributing it.

Object-Signing Certificates

Before you can use Netscape Signing Tool to sign files, you must have an
object-signing certificate, which is a special certificate whose associated private key
is used to create digital signatures.
For testing purposes only, you can create an object-signing certificate with
Netscape Signing Tool 1.3. When testing is finished and you are ready to disitribute
your software, you should obtain an object-signing certificate from one of two
kinds of sources:
• An independent certificate authority (CA) that authenticates your identity and
charges you a fee. You typically get a certificate from an independent CA if you
want to sign software that will be distributed over the Internet.
90 Netscape Certificate Management System Command-Line Tools Guide • March 2002