Securing Your Java ARchive (JAR) Files

As a standard development platform, Java provides mechanisms for securing the artifacts it distributes. For Java Archive (JAR) files, that mechanism is JAR signing. Signing a JAR is similar to signing a document: the signature attests that the JAR's content is intact and that the signer knows what is in it. It is a digital way for the developer to tell the user of the file that they are its author, that they are aware of its contents, and that the user can safely use it.

There may be occasions when an applet needs the user's permission to write to the local disk in order to save information. Users will need to be sure that the applet will not harm their computer and that it comes from a trusted source. This credibility issue is addressed with public and private key infrastructure: a signature made with a private key can be verified only with the corresponding public key. To let a user find out whether a public key belongs to a trusted source, trusted third parties such as major corporations issue certificates that declare who owns the key. When a JAR is signed, the signer's public key becomes part of the JAR file, so anyone who wants to use the JAR can verify the signature with that key and check that the key is backed by a certificate.
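A consumer-side check of what the paragraph describes, written as an added example in Java (not code from the original post): it opens a JAR with verification enabled, reads every entry so the digests are checked against the signature, reports any entry that carries no signer, and prints the subject of each signer's certificate so it can be compared with the expected publisher. The class name and the command-line argument are assumptions.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical consumer-side check for a signed JAR: every content entry must
// verify, and the leaf signer certificate's subject is printed for comparison.
public class JarSignatureCheck {
    public static void main(String[] args) throws Exception {
        boolean allSigned = true;
        // verify=true makes JarFile check each entry's digest against the
        // manifest and the manifest against the .SF/.RSA signature files;
        // a digest mismatch surfaces as a SecurityException while reading.
        try (JarFile jar = new JarFile(args[0], true)) {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || isSignatureFile(entry.getName())) continue;
                // Signers are only populated once the entry has been read to
                // the end, so drain the stream before asking for them.
                try (InputStream in = jar.getInputStream(entry)) {
                    byte[] buf = new byte[8192];
                    while (in.read(buf) != -1) { /* digest is checked here */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {   // entry was added after signing, or never signed
                    System.out.println("UNSIGNED: " + entry.getName());
                    allSigned = false;
                    continue;
                }
                for (CodeSigner s : signers) {
                    // An X.509 cert path is ordered from the signer's own (leaf) certificate upwards.
                    X509Certificate leaf = (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
                    System.out.println(entry.getName() + " signed by " + leaf.getSubjectX500Principal().getName());
                }
            }
        }
        System.exit(allSigned ? 0 : 1);
    }
    // The manifest and the .SF/.RSA/.DSA/.EC blocks are the signature itself
    // and carry no signers of their own.
    private static boolean isSignatureFile(String name) {
        String u = name.toUpperCase();
        return u.equals("META-INF/MANIFEST.MF") || (u.startsWith("META-INF/")
                && (u.endsWith(".SF") || u.endsWith(".RSA") || u.endsWith(".DSA") || u.endsWith(".EC")));
    }
}
```

This establishes that the content matches the signature and who signed it; whether that signer's certificate chains to a trusted authority is a separate check, for example with `jarsigner -verify -verbose -certs` against a trust store.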

This entry was posted on Sunday, November 8th, 2009 at 5:23 am and is filed under Development.
