Create an applet to access the hard drive

October 2016


An applet is a program written in the Java programming language that can be included in an HTML page, in the same way an image is included in a page. Applets are used to add interactive features to web applications that HTML itself does not provide. By default, the Java applet security model denies access to resources on the user's machine (hard disk, registry, etc.) and to the network (an applet may only communicate with the server it was loaded from).

If you want to create an applet that goes beyond these restrictions, two things are required:

- The applet must be cryptographically signed.
- The user must explicitly allow the applet to access the system.
  (This is a voluntary action by the user and it cannot be bypassed.)

Once these two conditions are met, the applet can read and write to disk, launch programs (Runtime.getRuntime().exec("...")), download things (URLConnection) or use the eval() command.


Compile your applet

As usual, build a .jar file.

Generate Key

  • Your key is used to sign your applets.
  • Type: keytool -genkey -alias yourAliasName
    and enter the requested information. Remember the password you entered to protect this key.
  • You only need to generate your key once. Once you have it, you can use it to sign as many applets as you want.
  • (Note that your key can optionally have an expiration date.)
  • Note: on Windows, the key is placed in the user profile:
    • \Documents and Settings\yourlogin\.keystore
  • You must protect this keystore at all costs:
    • someone who obtains it could create malicious applets signed by you!

Sign your applet with your Key

  • Type: jarsigner -verbose monapplet.jar votreNomdAlias
    (monapplet.jar is your applet's jar and votreNomdAlias is the alias you chose when generating the key.)
  • Enter your key password.
  • Your applet is now signed.

Test your Applet

  • Place your applet on the server (this is important), and test it.
  • You will see a Security Warning window asking the user whether to allow this applet.
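The four steps above (build the jar, generate the key, sign, check) as one non-interactive script. This is an added example, not the article's own code; it assumes a JDK (keytool, jarsigner, jar) on the PATH, the alias appletkey, a keystore file in a temporary directory and a placeholder passphrase, and it ends with the jarsigner -verify checks a practitioner should run on a signed jar before deploying it.

```shell
#!/bin/sh
# Added example: keystore generation, jar signing and signature verification.
# Assumed names: alias appletkey, keystore applet.keystore in a mktemp directory,
# placeholder passphrase; monapplet.jar is the jar name the article uses.

# All three tools ship with a JDK; returns nonzero if any is missing.
require_jdk_tools() {
    command -v keytool >/dev/null 2>&1 &&
    command -v jarsigner >/dev/null 2>&1 &&
    command -v jar >/dev/null 2>&1
}

# Builds a placeholder jar, generates a self-signed key, signs the jar and
# verifies the result. Prints the signed jar's path on stdout, status on stderr.
sign_and_verify_jar() {
    workdir=$(mktemp -d) || return 1
    keystore="$workdir/applet.keystore"
    jar="$workdir/monapplet.jar"
    storepass="changeit-placeholder"      # constructed value; use a real passphrase

    # A jar can be signed whatever it contains; a text file stands in for classes.
    echo "placeholder applet contents" > "$workdir/README.txt"
    (cd "$workdir" && jar cf monapplet.jar README.txt) || return 1

    # Same as the article's "keytool -genkey -alias ...", but non-interactive.
    keytool -genkeypair -alias appletkey -keyalg RSA -keysize 2048 -validity 365 \
        -keystore "$keystore" -storepass "$storepass" -keypass "$storepass" \
        -dname "CN=Placeholder Applet Developer, O=Example, C=FR" >/dev/null 2>&1 || return 1
    chmod 600 "$keystore"   # whoever holds this file can sign "as you"

    # Same as "jarsigner -verbose monapplet.jar votreNomdAlias".
    jarsigner -keystore "$keystore" -storepass "$storepass" \
        "$jar" appletkey >/dev/null 2>&1 || return 1

    # Check 1: the signature verifies against the certificate embedded in the jar.
    jarsigner -verify -verbose -certs "$jar" >/dev/null 2>&1 || return 1

    # Check 2: -strict turns chain warnings into a nonzero exit. A self-signed key
    # does not chain to a trusted CA, so this is the command-line counterpart of
    # the browser's "signature cannot be verified" warning.
    if jarsigner -verify -strict "$jar" >/dev/null 2>&1; then
        echo "signer certificate chains to a trusted CA" >&2
    else
        echo "signature valid, but signer is self-signed: expect the security warning" >&2
    fi
    echo "$jar"
}
```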



Note

  • The popup message saying that the cryptographic signature is invalid is not accurate:
  • The applet does carry a cryptographic signature (yours), but that signature was not validated by a certification authority (Thawte, VeriSign, etc.).
  • This validation by a third party (a PKI) is a paid service.
  • Technically it is not strictly necessary, and its absence does not diminish the security of your applet's operation.
  • Paying one of these PKIs (whose root keys are installed by default in browsers) simply makes the warning go away.
  • Whether it is worth paying for is for you to decide.

