Hi all!
1) Apps that do not need capabilities can be self-signed with a certificate
generated by makekeys.exe ?
If Yes, agains which root certificate is this signature verified on
device?
2) Can a application be signed with a certificate who's root certificate is
not on device?
If Yes, is it seen as a self-signed and user has to grant capabilities?
What happens if it requires capabilities that are not user grantable?
If Not, why ?
Regards,
Lasse
>1) Apps that do not need capabilities can be self-signed with a certificate
>generated by makekeys.exe ?
> If Yes, agains which root certificate is this signature verified on
>device?
Self-signing is only available to people who have signed the Self Certifier
agreement with us and been approved by us. These companies must follow the exact
same standards and test criteria for their applications and they are audited to
make sure this happens. Being a self certifier allows them, however, to
integrate the testing and signing in to their own (usually well established) QA
process, and also to more cost-effectively sign large numbers of SIS files
regularly.
>2) Can a application be signed with a certificate who's root certificate is
>not on device?
Yes, you can sign with any valid certificate...it'll do you no good at all
though! If the correct root is not on the device, the installer will not be able
to check it and then install your SIS.
Phil
Hi Phil,
From my point of view the installer should see mainly two types of sis
files: trusted and untrusted.
And then handle them acordingly. As designed now you will have trusted and
.... unsigned. What is wrong with an application being signed and untrusted
at the same time ?
Lasse
"Phil Spencer" <[email protected]> wrote in message
news:[email protected]...[color=green]
> >1) Apps that do not need capabilities can be self-signed with a[/color]
certificate[color=green]
> >generated by makekeys.exe ?
> > If Yes, agains which root certificate is this signature verified on
> >device?
>
> Self-signing is only available to people who have signed the Self[/color]
Certifier
> agreement with us and been approved by us. These companies must follow the
exact
> same standards and test criteria for their applications and they are
audited to
> make sure this happens. Being a self certifier allows them, however, to
> integrate the testing and signing in to their own (usually well
established) QA
> process, and also to more cost-effectively sign large numbers of SIS files
> regularly.
>[color=green]
> >2) Can a application be signed with a certificate who's root certificate[/color]
is[color=green]
> >not on device?
>
> Yes, you can sign with any valid certificate...it'll do you no good at all
> though! If the correct root is not on the device, the installer will not[/color]
be able
> to check it and then install your SIS.
>
> Phil
Bad form to reply to myself, I know, but I wanted to clarify a couple of
things I wrote before after further reflection.
[color=green]
> >1) Apps that do not need capabilities can be self-signed with a[/color]
certificate[color=green]
> >generated by makekeys.exe ?
> > If Yes, agains which root certificate is this signature verified on
> >device?
>
> Self-signing is only available to people who have signed the Self[/color]
Certifier
> agreement with us and been approved by us. These companies must follow the
exact
> same standards and test criteria for their applications and they are
audited to
> make sure this happens. Being a self certifier allows them, however, to
> integrate the testing and signing in to their own (usually well
established) QA
> process, and also to more cost-effectively sign large numbers of SIS files
> regularly.
This is maybe slightly misleading on my part - arising from a confusion in
terminology because (and I am guilty of this too) we tend to use words like
signing/certification synonymously. You can indeed still *sign* a SIS file
with any valid certificate (including one created with MakeKeys), but it
won't be *certified*. It is the certification process (e.g. Symbian Signed -
where apps are tested to an agreed criteria and then signed against our
SymbianB root if they pass) involving signing against a trusted root, which
will allow extended capability access in Symbian OS v9 though.
Self Certification is one aspect of Symbian Signed which I mention above,
but it shouldn't be confused with the physically ability to continue to sign
your SIS file yourself (using the new SignSIS tool in Symbian OS v9).
Regards,
Phil
Well, thanks for clarifying this Phill. Not it makes a lot more sense 😊
BR,
Lasse
"Phil Spencer" <[email protected]> wrote in message
news:9RXgLubxFHA.2844@extapps30...
> Bad form to reply to myself, I know, but I wanted to clarify a couple of
> things I wrote before after further reflection.
>[color=green][color=darkred]
> > >1) Apps that do not need capabilities can be self-signed with a[/color]
> certificate[color=darkred]
> > >generated by makekeys.exe ?
> > > If Yes, agains which root certificate is this signature verified on
> > >device?
> >
> > Self-signing is only available to people who have signed the Self[/color]
> Certifier
> > agreement with us and been approved by us. These companies must follow[/color]
the
> exact[color=green]
> > same standards and test criteria for their applications and they are
> audited to
> > make sure this happens. Being a self certifier allows them, however, to
> > integrate the testing and signing in to their own (usually well
> established) QA
> > process, and also to more cost-effectively sign large numbers of SIS[/color]
files[color=green]
> > regularly.
>
> This is maybe slightly misleading on my part - arising from a confusion in
> terminology because (and I am guilty of this too) we tend to use words[/color]
like
> signing/certification synonymously. You can indeed still *sign* a SIS file
> with any valid certificate (including one created with MakeKeys), but it
> won't be *certified*. It is the certification process (e.g. Symbian
Signed -
> where apps are tested to an agreed criteria and then signed against our
> SymbianB root if they pass) involving signing against a trusted root,
which
> will allow extended capability access in Symbian OS v9 though.
>
> Self Certification is one aspect of Symbian Signed which I mention above,
> but it shouldn't be confused with the physically ability to continue to
sign
> your SIS file yourself (using the new SignSIS tool in Symbian OS v9).
>
> Regards,
>
> Phil
>
>
Does this mean any developer can't self sign? What if the developer wants to
try out HelloWorld which doesn't have any capabilities.
My understanding was that anyone can self sign an app as long as there are
no capabilities assigned to the app.
Ravi..
"Phil Spencer" <[email protected]> wrote in message
news:[email protected]...[color=green]
> >1) Apps that do not need capabilities can be self-signed with a
> >certificate
>>generated by makekeys.exe ?
>> If Yes, agains which root certificate is this signature verified on
>>device?
>
> Self-signing is only available to people who have signed the Self
> Certifier
> agreement with us and been approved by us. These companies must follow the
> exact
> same standards and test criteria for their applications and they are
> audited to
> make sure this happens. Being a self certifier allows them, however, to
> integrate the testing and signing in to their own (usually well
> established) QA
> process, and also to more cost-effectively sign large numbers of SIS files
> regularly.
>
>>2) Can a application be signed with a certificate who's root certificate
>>is
>>not on device?
>
> Yes, you can sign with any valid certificate...it'll do you no good at all
> though! If the correct root is not on the device, the installer will not
> be able
> to check it and then install your SIS.
>
> Phil[/color]