A signed Jar file generally indicates that the signer authorizes the contents. Signing is accomplished using a certificate that has been issued by a Certificate Authority (CA). Several CA's are available for this task; however, few of them are free, like the Thawte CA. Once a free certificate is obtained, Jar files may be distributed and named as verified from the signer. Trusted Jar files can be run outside of the “sandbox” and thus be given improved access to the target system.
Journal of Object Technology
Lyon, Douglas A., "The Initium X.509 Certificate Wizard" (2004). Engineering Faculty Publications. 42.
Douglas Lyon, “The Initium X.509 Certificate Wizard”, Journal of Object Technology, Volume 3, no. 10 (November 2004), pp. 75-88
Copyright 2004 Journal of Object Technology
Archived with permission from copyright holder.