<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-46D6DF29-38F7-5842-9FDD-82754AE8D9A0" xml:lang="en"><title>Human-Readable
File Formats Reference</title><shortdesc>This section provides details of the fields in the various certificate
store human-readable files. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody>
<section id="GUID-83AA7A83-E51B-5BFA-9BB2-A0CED031B8B0"><title>File Certificate
Store Field Details</title> <p>The following table provides details of the
file certificate store fields: </p> <table id="GUID-83651A7D-D70E-55D1-96CC-97E3239F7B9C">
<tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
<tbody>
<row>
<entry><p> <b>Name</b> </p> </entry>
<entry><p> <b>Description</b> </p> </entry>
</row>
<row>
<entry><p> <codeph>StartEntry</codeph> </p> </entry>
<entry><p>Marks the start of an entry and specifies the certificate label. This label is in UTF-8 format and
limited to 64 characters. </p> </entry>
</row>
<row>
<entry><p> <codeph>Deletable</codeph> </p> </entry>
<entry><p>The value of this field indicates whether the certificate can be
deleted. <codeph>True</codeph> indicates that the certificate can be deleted. <codeph>False</codeph> indicates
that the certificate must be protected from deletion. </p> </entry>
</row>
<row>
<entry><p> <codeph>Format</codeph> </p> </entry>
<entry><p>Specifies the certificate format. This is usually set to <codeph>EX509Certificate</codeph>. </p> </entry>
</row>
<row>
<entry><p> <codeph>CertificateOwnerType</codeph> </p> </entry>
<entry><p>Indicates the type of certificate owner. This field has the following
legal values: <codeph>ECACertificate</codeph>, <codeph>EUserCertificate</codeph> and <codeph>EPeerCertificate</codeph>. </p> </entry>
</row>
|
<row>
<entry><p> <codeph>SubjectKeyId</codeph> </p> </entry>
<entry morerows="1"><p>These two fields are used to build certificate chains. <codeph>SubjectKeyId</codeph> identifies
the public key contained in the certificate; <codeph>IssuerKeyId</codeph> identifies the public key
that signed the certificate, that is, the <codeph>SubjectKeyId</codeph> of the issuer's certificate. A chain
is built by taking the <codeph>IssuerKeyId</codeph> of the first certificate in the chain and looking for
a certificate whose <codeph>SubjectKeyId</codeph> matches it, then repeating the search from that
certificate until a trust anchor is reached. </p> <p>Both fields are optional. If omitted, their
values are treated as <codeph>auto</codeph>, meaning that they are derived from the certificate itself. For x509 certificates, it is recommended
that these fields be omitted or set to <codeph>auto</codeph>. For other certificate types,
specify an octet string value. </p> </entry>
</row>
<row>
<entry><p> <codeph>IssuerKeyId</codeph> </p> </entry>
</row>
|
<row>
<entry><p> <codeph>StartApplicationList</codeph> </p> </entry>
<entry morerows="1"><p>Indicates the start and end of the application list. An application
list specifies the applications associated with a certificate. Applications
can be specified by UID or by name (in which case they are looked up in <codeph>certclients.dat</codeph>). </p> </entry>
</row>
<row>
<entry><p> <codeph>EndApplicationList</codeph> </p> </entry>
</row>
|
<row>
<entry><p> <codeph>Trusted</codeph> </p> </entry>
<entry><p>The value of this field is usually set to <codeph>True</codeph>.
If set to <codeph>False</codeph>, the certificate does not act as a trust
anchor and its capabilities are not used. </p> </entry>
</row>
<row>
<entry><p> <codeph>DataFileName</codeph> </p> </entry>
<entry><p>Specifies the name of the file from which the certificate is to
be read. </p> <p>If the certificate format is not x509, the contents are treated
as a raw block of data. If the format is x509, the file can be either of the
following: </p> <ul>
<li id="GUID-39DE0AA4-A147-51CD-B39F-044DC67BF272"><p>A Privacy Enhanced Mail
(PEM) encoded certificate in a UTF-8 file with or without a UTF-8 Byte Order
Marker (BOM) </p> </li>
<li id="GUID-176D7B07-879F-5D3F-86A5-EF18B9A450FB"><p>A binary file containing
a Distinguished Encoding Rules (DER) encoded certificate. </p> </li>
</ul> </entry>
</row>
</tbody>
</tgroup>
</table> </section>
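<p>The following is an added example, not code from the original page or from Symbian's certapp tool: a Python parser for entries in this format that enforces the constraints in the table above (label length, legal <codeph>CertificateOwnerType</codeph> values, <codeph>auto</codeph> or octet-string key ids, applications by UID or by name) and resolves <codeph>DataFileName</codeph> the way the table describes, covering PEM with a UTF-8 BOM, PEM without one, DER, and raw data for non-x509 formats. The exact line syntax (one keyword and value per line, <codeph>#</codeph> comments, quoted labels and file names), the <codeph>certclients.dat</codeph> stand-in <codeph>CERTCLIENTS</codeph>, the sample store text and the in-memory files are assumptions or constructed here; the DER bytes are a minimal SEQUENCE stand-in, not a real certificate.</p>

```python
import base64
import re

# Added example (not Symbian's certapp tool): a parser for the human-readable file
# certificate store format tabulated above.  The line syntax ('Keyword value' per line,
# '#' comments, quoted labels/file names), CERTCLIENTS, SAMPLE_STORE and FILES are assumed/constructed.
OWNER_TYPES = {"ECACertificate", "EUserCertificate", "EPeerCertificate"}
REQUIRED = ("Deletable", "Format", "CertificateOwnerType", "Trusted", "DataFileName")
MAX_LABEL_CHARS = 64
UTF8_BOM = b"\xef\xbb\xbf"
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
CERTCLIENTS = {"SoftwareInstall": 0x10000001, "TlsClient": 0x10000002}  # certclients.dat stand-in

def _key_id(field, value):
    # 'auto' (derived from the certificate itself) or an octet string written in hex
    if value.lower() == "auto":
        return "auto"
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", value):
        raise ValueError(f"{field}: expected 'auto' or a hex octet string, got {value!r}")
    return bytes.fromhex(value)

def _finish(entry):
    missing = [f for f in REQUIRED if f not in entry]
    if missing:
        raise ValueError(f"{entry['label']!r}: missing {missing}")
    if entry["CertificateOwnerType"] not in OWNER_TYPES:
        raise ValueError(f"{entry['label']!r}: illegal CertificateOwnerType")
    return entry

def parse_store(text):
    # Returns a list of entry dicts; raises ValueError on the first bad line.
    entries, entry, in_apps = [], None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, _, value = line.partition(" ")
        value = value.strip()
        if entry is None:
            if keyword != "StartEntry":
                raise ValueError(f"{keyword!r} outside an entry")
            if len(value.strip('"')) > MAX_LABEL_CHARS:
                raise ValueError(f"label exceeds {MAX_LABEL_CHARS} characters")
            entry = {"label": value.strip('"'), "SubjectKeyId": "auto", "IssuerKeyId": "auto", "applications": []}
        elif in_apps and keyword != "EndApplicationList":
            # an application is given by UID, or by a name that is looked up in certclients
            entry["applications"].append(int(line, 16) if line.lower().startswith("0x") else CERTCLIENTS[line.strip('"')])
        elif keyword in ("StartApplicationList", "EndApplicationList"):
            in_apps = keyword == "StartApplicationList"
        elif keyword == "EndEntry":
            entries.append(_finish(entry))
            entry = None
        elif keyword in ("Deletable", "Trusted"):
            entry[keyword] = {"true": True, "false": False}[value.lower()]  # KeyError on anything else
        elif keyword in ("SubjectKeyId", "IssuerKeyId"):
            entry[keyword] = _key_id(keyword, value)
        elif keyword in ("Format", "CertificateOwnerType", "DataFileName"):
            entry[keyword] = value.strip('"')
        else:
            raise ValueError(f"unknown field {keyword!r}")
    if entry is not None:
        raise ValueError("unterminated entry")
    return entries

def load_certificate_data(entry, files):
    # DataFileName rules from the table: a non-x509 format is a raw block of data;
    # x509 may be PEM (UTF-8, with or without a BOM) or DER
    data = files[entry["DataFileName"]]
    if entry["Format"] != "EX509Certificate":
        return data
    if data.startswith(UTF8_BOM):
        data = data[len(UTF8_BOM):]
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if data[:1] == b"\x30":  # DER: an X.509 Certificate is an ASN.1 SEQUENCE (tag 0x30)
        return data
    raise ValueError(f"{entry['DataFileName']}: neither PEM nor DER")

SAMPLE_STORE = '''\
StartEntry "Example Root CA"
    Deletable False
    Format EX509Certificate
    CertificateOwnerType ECACertificate
    StartApplicationList
        0x10000001        # by UID
        "TlsClient"       # by name, via certclients
    EndApplicationList
    Trusted True
    DataFileName "exampleroot.pem"
EndEntry
StartEntry "Opaque blob"
    Deletable True
    Format EOtherFormat   # illustrative non-x509 format name: the file is raw data
    CertificateOwnerType EPeerCertificate
    Trusted False
    DataFileName "blob.bin"
EndEntry
'''
TINY_DER = b"\x30\x03\x02\x01\x05"  # constructed DER SEQUENCE stand-in, not a real certificate
FILES = {"exampleroot.pem": UTF8_BOM + b"-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n",
         "blob.bin": b"not a certificate"}
```

<p>Calling <codeph>parse_store(SAMPLE_STORE)</codeph> and then <codeph>load_certificate_data(entry, FILES)</codeph> for each entry yields the decoded DER bytes for the x509 entry (the BOM and PEM armour are stripped first) and the untouched file contents for the non-x509 entry; key ids default to <codeph>auto</codeph> when the fields are omitted, and an entry that is not closed with <codeph>EndEntry</codeph> or that names an illegal owner type is rejected rather than silently loaded.</p>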
|
<example id="GUID-C30DFFCA-DFFB-5F1F-8306-659B8429EBFC"><title>SWI Certificate
Store Field Details</title> <p>The following table provides information on
the SWI certificate store fields. Because the SWI certificate store is a superset
of the file certificate store, the following table lists only fields specific
to the SWI certificate store. </p> <table id="GUID-E7CC3963-A5B0-52EE-B855-13DA11EB0FCD">
<tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
<tbody>
<row>
<entry><p> <b>Name</b> </p> </entry>
<entry><p> <b>Description</b> </p> </entry>
</row>
<row>
<entry><p> <codeph>CapabilitySet</codeph> </p> </entry>
<entry><p>Defines a list of capabilities allowed in applications that have
the certificate as their trust anchor. Standard capability names or numeric
bit numbers can be specified. </p> </entry>
</row>
|
<row>
<entry><p> <codeph>Mandatory</codeph> </p> </entry>
<entry><p>The value of this field is usually set to <codeph>False</codeph>, which
allows the installation of packages that are not signed by a certificate
resolving to this SWI certificate. If set to <codeph>True</codeph>, every package must be
signed by a certificate that resolves to this certificate, which prevents
normal installation of packages. </p> <p> <b>Note:</b> If the certificate
store is deployed on a device that does not support updating
ROM files without using SIS stubs, a certificate with <codeph>SystemUpgrade</codeph> set to <codeph>True</codeph> is interpreted as <codeph>Mandatory</codeph>.
This prevents all normal applications from installing. </p> </entry>
</row>
|
<row>
<entry><p> <codeph>SystemUpgrade</codeph> </p> </entry>
<entry><p>The value of this field is usually set to <codeph>False</codeph> to
allow normal installation of applications. A <codeph>True</codeph> value
indicates that any application signed by a certificate that
resolves to this certificate is treated as a System Upgrade, and consequently
many of the installer's security checks are disabled for that application. </p> <p> <b>Note:</b> Set this
field to <codeph>True</codeph> only when the certificate store is deployed
on a device that supports updating ROM files without using
SIS stubs. </p> </entry>
</row>
|
</tbody>
</tgroup>
</table> <p> <b>Important: </b> A SWI certificate store does not have a <codeph>Deletable</codeph> field
because all the SWI certificates are protected from deletion. </p> </example>
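<p>The following is an added example, not code from the original page or from Symbian's installer. It combines the <codeph>SubjectKeyId</codeph>/<codeph>IssuerKeyId</codeph> chain building described in the file certificate store table with the <codeph>CapabilitySet</codeph>, <codeph>Mandatory</codeph> and <codeph>SystemUpgrade</codeph> fields above, to show how a package's signing chains resolve to a trust anchor in the SWI store and what that means for installation, including the failure mode in the notes where <codeph>SystemUpgrade</codeph> is read as <codeph>Mandatory</codeph> on a device that lacks the feature. The store entries, package chains and capability numbering are constructed, and treating only the capability check as relaxed for a System Upgrade is a modelling assumption (the page says many checks are disabled, not which).</p>

```python
# Added example (not Symbian's installer): resolve a package's signing chains to
# SWI store anchors via IssuerKeyId -> SubjectKeyId links, then apply the
# CapabilitySet, Mandatory and SystemUpgrade rules from the table above.
# STORE, the chains and CAP_BITS are constructed; CAP_BITS is not Symbian's
# real capability numbering.
CAP_BITS = {"NetworkServices": 1, "ReadUserData": 2, "WriteDeviceData": 3, "TCB": 4}
BIT_CAPS = {bit: name for name, bit in CAP_BITS.items()}


def normalise_caps(caps):
    # CapabilitySet entries may be names or numeric bit numbers; return names
    names = set()
    for cap in caps:
        if isinstance(cap, int):
            if cap not in BIT_CAPS:
                raise ValueError(f"unknown capability bit {cap}")
            names.add(BIT_CAPS[cap])
        elif cap in CAP_BITS:
            names.add(cap)
        else:
            raise ValueError(f"unknown capability name {cap!r}")
    return names


def resolve_anchor(chain, store):
    # chain: [(subject_key_id, issuer_key_id), ...] from the leaf upwards, as the
    # package carries it.  Follow IssuerKeyId -> SubjectKeyId until a store entry is
    # hit; return it if Trusted, else None (an untrusted entry is not an anchor).
    if not chain:
        return None
    by_subject = {entry["SubjectKeyId"]: entry for entry in store}
    issuer_of = {subject: issuer for subject, issuer in chain}
    issuer = chain[0][1]
    for _ in range(len(chain) + 1):      # bounded, so a looping chain cannot hang us
        anchor = by_subject.get(issuer)
        if anchor is not None:
            return anchor if anchor["Trusted"] else None
        if issuer not in issuer_of:       # issuer is neither in the store nor in the package
            return None
        issuer = issuer_of[issuer]
    return None


def decide_install(package_chains, requested_caps, store, supports_system_upgrade=True):
    requested = normalise_caps(requested_caps)
    anchors = [a for a in (resolve_anchor(c, store) for c in package_chains) if a is not None]

    def is_mandatory(entry):
        # on a device without the SystemUpgrade feature the flag reads as Mandatory (see Note)
        return entry["Mandatory"] or (entry["SystemUpgrade"] and not supports_system_upgrade)

    for entry in store:
        if is_mandatory(entry) and not any(a is entry for a in anchors):
            return {"allowed": False, "reason": f"not signed by mandatory certificate {entry['label']!r}"}
    # Mandatory False everywhere: a package resolving to no anchor may still install,
    # but it is granted no capabilities at all.
    system_upgrade = supports_system_upgrade and any(a["SystemUpgrade"] for a in anchors)
    granted = set().union(*(normalise_caps(a["CapabilitySet"]) for a in anchors))
    if not system_upgrade and not requested <= granted:   # assumed: the check a System Upgrade skips
        return {"allowed": False, "reason": f"capabilities not granted: {sorted(requested - granted)}"}
    return {"allowed": True, "system_upgrade": system_upgrade, "granted": granted,
            "anchors": [a["label"] for a in anchors]}


# Constructed store entries (key ids shortened to 4 bytes for readability).
STORE = [
    {"label": "Example Root CA", "SubjectKeyId": b"\x01" * 4, "Trusted": True,
     "CapabilitySet": ["NetworkServices", 2], "Mandatory": False, "SystemUpgrade": False},
    {"label": "Example Upgrade CA", "SubjectKeyId": b"\x02" * 4, "Trusted": True,
     "CapabilitySet": ["TCB"], "Mandatory": False, "SystemUpgrade": True},
    {"label": "Untrusted CA", "SubjectKeyId": b"\x03" * 4, "Trusted": False,
     "CapabilitySet": ["NetworkServices"], "Mandatory": False, "SystemUpgrade": False},
]
# Constructed package chains: (subject_key_id, issuer_key_id) pairs, leaf first.
CHAIN_VIA_INTERMEDIATE = [(b"\x10" * 4, b"\x11" * 4), (b"\x11" * 4, b"\x01" * 4)]
CHAIN_UPGRADE = [(b"\x20" * 4, b"\x02" * 4)]
CHAIN_UNTRUSTED = [(b"\x30" * 4, b"\x03" * 4)]
CHAIN_UNKNOWN = [(b"\x40" * 4, b"\x99" * 4)]

if __name__ == "__main__":
    print(decide_install([CHAIN_VIA_INTERMEDIATE], ["NetworkServices"], STORE))
    print(decide_install([CHAIN_VIA_INTERMEDIATE], [], STORE, supports_system_upgrade=False))
```

<p>With the constructed store, a chain ending at <codeph>Example Root CA</codeph> installs with <codeph>NetworkServices</codeph> and <codeph>ReadUserData</codeph> (the numeric entry <codeph>2</codeph> resolves to the latter) but not <codeph>TCB</codeph>; a chain ending at the <codeph>SystemUpgrade</codeph> certificate is accepted without the capability check; and on a device that does not support the feature, the same store rejects every package that does not resolve to <codeph>Example Upgrade CA</codeph>, which is the outcome the notes warn about.</p>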
|
</conbody><related-links>
<link href="GUID-B1B3C5E6-9F38-5A55-A30E-4C7591B446CC.dita"><linktext>Certificate
Store Human-Readable File Formats</linktext></link>
</related-links></concept>