Tonge, Rzepa, Yoshida, page 5

This solution for authentication of objects (documents or executable programs) sent viathe Internet makes use of public-key cryptography, whereby developers get a pair of numeric keys - a public key and a private key - which are mathematically related and may be used to encrypt and decrypt objects. The principle behind the use of these keys is that, provided that they are of sufficient length to inhibit the use of brute force cracking methods, it is not feasible to deduce one from the other. When the Netscape or Microsoft signing tools are used to sign an object such as the class file for an applet which is to be downloaded from a remote server, a one-way hash or message digest of that object, a digital fingerprint, is first created. This consists of a string of numbers of fixed length which cannot be used to deduce the object content and are generally much smaller than the original document. The senders's private key is then used to encrypt the hash string to produce a digital signature. A copy of the digital signature is downloaded with the object to the client, who then uses the sender's public keyto decrypt the digital signature and reproduce the original hash. The user then applies the same hashing algorithm (passed with the digital signature) to the received object to see if it produces an identical hash. The receiving browser then compares the two hashes - if they match then the object has been received unchanged (Scheme 1).

The following section gives specific details of how two particular Java applets were digitally signed⁶and used in this environment, in order to illustrate these concepts. The first is a client- side database interface component of what we term the Chemical Object Store (COS), which uses Java RMI to communicate to remote object database.⁷A certificate-enabled client is used to acquire chemical data in the form of 3D molecular co-ordinate files and associated molecular descriptors from the remote source. The second is an example of a distributed molecular visualisation and modelling program, MoldaNet,⁸which permits the user to manipulate such molecular coordinate files, and also to read and write the files to a local file store. Such local actions, which are normally disallowed in Java, can now be accomplishedwithin a properly authenticated environment.

Step 1. Code Modifications to Applet.