Swicertstore Tool Reference

The Swicertstore tool takes a text file as input and creates the swicertstore.dat file.

Example Input File

The Swicertstore tool takes as input a text file that contains one or more certificates, together with their details, that must be included in the Swicertstore. Each certificate can have metadata associated with it.

This text file contains one or more sections. Each section contains attributes related to that section. A section starts with its name in square brackets. The section name is also used as the certificate label. Attributes are specified as attribute_name = attribute_value pairs.

The Swicertstore tool takes the following example input file, consisting of two sections [Root5CA] and [SymbianTestDSACA], and creates the swiCertStore.dat file as explained in the procedure.


# SWICertStoreToolInput.txt
# An example input file for the Swicertstore tool

[SymbianTestRSACA]

file = c:\tswi\certstore\Symbian-Test-RSA.der
capability = DRM
capability = NetworkServices
application = SWInstall
application = SWInstallOCSP
Mandatory = 0
SystemUpgrade = 0

[sucert]

file = c:\tswi\certstore\sucert.der
capability = ReadDeviceData
capability = WriteDeviceData
capability = DRM
capability = AllFiles
application = SWInstall
SystemUpgrade = 1

The attributes in the example input file are described in the following table:

Attribute

Description

file

Specifies the path and name of the file containing the certificate.

Note: Because the Swicertstore tool runs in the emulator, the path name is relative to the Epoc32 directory root. Therefore, the actual location of the two certificate files in the example would be \Epoc32\winscw\c. The certificate must be DER encoded. OpenSSL can be used to convert a certificate from PEM format to DER format as follows:

openssl x509 -inform pem -outform der -in mycert.pem -out mycert.der

mandatory

Indicates whether the certificate is marked as mandatory for software installation. The value 1 indicates it is mandatory while 0 indicates it is not mandatory. The attribute is optional; the default value is 0.

SystemUpgrade

Indicates that the root certificate is enabled as System Upgrade (SU). The packages signed by this certificate allow licensees to solve system software problems that were not anticipated at device build time.

capability

Specifies a Platform Security capability that the certificate can sign for. This attribute can be repeated to allow multiple capabilities to be specified.

Note: The following are the capabilities that the certificate can sign for: TCB, CommDD, PowerMgmt, MultimediaDD, ReadDeviceData, WriteDeviceData, DRM, TrustedUI, ProtServ, DiskAdmin, NetworkControl, AllFiles, SwEvent, NetworkServices, LocalServices, ReadUserData, WriteUserData, Location, SurroundingsDD, UserEnvironment.

application

Specifies the name of an application that the certificate can be used for. The allowed values are:

  • SWInstall - for the software installation application, SWI.

  • SWInstallOCSP - for the OCSP check during software installation.
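
The section format and the allowed values in the table above can be checked before the tool is run, so that a mistyped capability or application name is caught in review. The Python lint below is an added example, not part of the Swicertstore tool or of the original reference; parse, lint and SAMPLE are hypothetical names. It assumes that attribute names are case-insensitive, that values are case-sensitive, that SystemUpgrade takes 0 or 1 like mandatory, and that each section has exactly one file attribute.

```python
# Added example: lint a Swicertstore input file against the values listed on this page.
CAPABILITIES = set("""TCB CommDD PowerMgmt MultimediaDD ReadDeviceData
WriteDeviceData DRM TrustedUI ProtServ DiskAdmin NetworkControl AllFiles
SwEvent NetworkServices LocalServices ReadUserData WriteUserData Location
SurroundingsDD UserEnvironment""".split())
# Assumption: SystemUpgrade accepts 0 or 1, as the page states for mandatory.
ALLOWED = {"capability": CAPABILITIES, "application": {"SWInstall", "SWInstallOCSP"},
           "mandatory": {"0", "1"}, "systemupgrade": {"0", "1"}}

def parse(text):
    """Return {label: {attribute: [values]}}; repeated attributes accumulate."""
    sections, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            label = line[1:-1].strip()
            if label in sections:  # the section name is the certificate label
                raise ValueError(f"line {n}: duplicate section [{label}]")
            current = sections[label] = {}
        elif "=" in line and current is not None:
            name, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(name.lower(), []).append(value)  # assumption: names ignore case
        else:
            raise ValueError(f"line {n}: unexpected text {line!r}")
    return sections

def lint(sections):
    """Return (label, attribute, value) for every value the page does not allow."""
    out = []
    for label, attrs in sections.items():
        if len(attrs.get("file", [])) != 1:  # assumption: one certificate per section
            out.append((label, "file", None))
        for name, values in attrs.items():
            allowed = ALLOWED.get(name, set())  # unknown attribute: every value is flagged
            out += [(label, name, v) for v in values if name != "file" and v not in allowed]
    return out

# Constructed sample: one clean section and one with deliberate mistakes.
SAMPLE = """[sucert]
file = c:\\tswi\\certstore\\sucert.der
capability = AllFiles
SystemUpgrade = 1
[BadCA]
capability = Allfiles
application = SWInstal
Mandatory = yes
"""
print(lint(parse(SAMPLE)))
```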

Writable Swicertstore

The Writable Swicertstore is a data file on the C: drive that can be created and installed on the device; it is placed at c:\resource\swicertstore\. In the absence of the Writable Swicertstore, SwiCertstore.dll uses the ROM Swicertstore.
