Is it safe to place pkcs8 and crt files in a signed jar

Asked Apr 04 '17 at 03:30

Active Apr 05 '17 at 00:53

Viewed 36 times

Will these files be protected/encrypted in a signed jar that may be distributed publicly?

The intent is to have the jar run a mini web server that contains a cert for localhost.somedomain.com

localhost.somedomain.com has an A record pointing to 127.0.0.1. This allows a website to communicate with the jar's application via js over a valid/trusted https connection. The local application will communicate with devices over USB.

I'm just not sure the private keys would be protected.

edited Apr 05 '17 at 00:53

asked Apr 04 '17 at 03:30

William W

1,776
6
21
40

1

No it isn't safe, but you don't need HTTPS within the localhost. – user207421 Apr 05 '17 at 01:24
Chrome blocks the Ajax request to localhost since it's coming from an https site to a non https site. Localhost doesn't make a difference here. Obviously CORS is enabled as well. – William W Apr 05 '17 at 15:14
I got to testing this again and chrome blocks `http://localhost/` but it does not block `http://127.0.0.1` so that can be used instead. Thanks. – William W May 23 '17 at 18:10

Is it safe to place pkcs8 and crt files in a signed jar

0 Answers0