Signed JARs

• The "jar" utility which is usually installed as part of the free Java Platform from Sun Microsystems. Java is available for a wide range of operating systems. To extract all the files, at a command prompt just give the command:

    jar xvf XXX.jar
  

• On Windows machines, the well-known WinZip utility will also open jar files.

At the current state of internet secutity some paranoia about code that you download and install is quite rational. Our JAR files are "signed" which provides some level of security. You may:

1. Check that the file was not hacked during download. For example use the "jarsigner" utility that comes with Sun's Java Platform and give the command:

     jarsigner -verify XXX.jar
   

2. Check that it has not been hacked on our web site before you downloaded it. After you have extracted the files, use the "keytool" utility, also from Sun's Java Platform, and give the command:

     keytool -printcert -file META-INF/RECON3.DSA -v
   

   You should see the RECON3 "certificate" verifying our public key. The certificate fingerprints should be the same as the ones on our certificate posted on the RECON4 home page.

   If you are really paranoid and want to check that our home page has not also been hacked, then call up the Computer Science Department at the University of West Florida in Pensacola. Tell them that you want to leave a message for Dr. Norman Wilde to check our RECON4 certificate. No - I am not going to give you the phone number. If you are this paranoid you should get it from the phone company. After all - THIS page could be hacked too!

While we try to take reasonable precautions, there can be no absolute guarantees about security at the current state of the art. Please read the Disclaimer of Warranty posted on our home page.

JAR Security

Information about the JAR file format and its security features is available in the Java Tutorial on this subject from Sun Microsystems.