Mercurial Mercurial > oss > FCL > sftools > depl > docscontent / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Symbian3/SDK/Source/GUID-AFBD4ED6-9588-531C-8EDF-566DB1D03088.dita
changeset 7 51a74ef9ed63
parent 0 89d6a7a84779
equal deleted inserted replaced
6:43e37759235e 7:51a74ef9ed63 
       
     1 <?xml version="1.0" encoding="utf-8"?>
 
       
     2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
 
       
     3 <!-- This component and the accompanying materials are made available under the terms of the License 
       
     4 "Eclipse Public License v1.0" which accompanies this distribution, 
       
     5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
 
       
     6 <!-- Initial Contributors:
 
       
     7     Nokia Corporation - initial contribution.
 
       
     8 Contributors: 
       
     9 -->
 
       
    10 <!DOCTYPE concept
 
       
    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
 
       
    12 <concept id="GUID-AFBD4ED6-9588-531C-8EDF-566DB1D03088" xml:lang="en"><title>Signing
 
       
    13 SIS Files</title><prolog><metadata><keywords/></metadata></prolog><conbody>
 
       
    14 <p>An installation (SIS) file must be signed with a digital signature, which
 
       
    15 helps in verifying the identity of the vendor. This ensures that the file
 
       
    16 has not been tampered with since it was signed. </p>
 
       
    17 <p>Software install package files can be signed multiple times. However, it
 
       
    18 is not required to sign the file with multiple signatures at the same time.
 
       
    19 Signatures can be added and removed from a package file at any time if the
 
       
    20 relevant keys are available. <xref href="GUID-B20EE8A3-D7B2-5872-AF43-001A88C1A46E.dita">SignSIS</xref> supports
 
       
    21 the signing of SIS files with self-signed certificates or Symbian developer
 
       
    22 certificates. </p>
 
       
    23 <section id="GUID-52029821-0FA4-58C7-94B9-C6B845C42098"><title>Self-signed
 
       
    24 certificates</title> <p>The term <i>self-signed</i> means that the SIS file
 
       
    25 is signed by the creator of the SIS file. A SIS file is <i>self-signed</i> if
 
       
    26 it signed by a certificate that has been self generated. For example, using <xref href="GUID-557BF1DA-B6E8-521B-89F0-15C84E3BCB1A.dita">MakeKeys</xref>. </p> <p>SIS
 
       
    27 files can be signed by Symbian application developers for programs that: </p> <ul>
 
       
    28 <li id="GUID-E2CB54EA-B638-5589-88FF-36DDA57E3388"><p>do not use any APIs
 
       
    29 protected by capability checks. </p> </li>
 
       
    30 <li id="GUID-717FBB11-F58A-5DE5-855A-F41A0CC9AF1B"><p>only require platform
 
       
    31 security capabilities that belong to the "user" or "basic" capabilities group.
 
       
    32 If the Software Installer is required to install a program with these capabilities,
 
       
    33 it can display capability information to the Symbian device user and provide
 
       
    34 an option to continue or cancel the installation. </p> <p>As long as the application
 
       
    35 requests no system capabilities, self-signed SIS files can be installed depending
 
       
    36 on how the installation policy has been configured by the device creator. </p> </li>
 
       
    37 </ul> <p> <b>Note</b>: Self-signed SIS files are not associated with a root
 
       
    38 certificate present on the device. </p> </section>
 
       
    39 <section id="GUID-95FEC08E-0E38-5F88-9FE5-D2DE16BE08FD"><title>Symbian developer
 
       
    40 certificates</title> <p>To test applications on Symbian devices, the SIS file
 
       
    41 can be signed with a Symbian developer certificate. This allows the application
 
       
    42 to be installed without the need for an external testing and signing process.
 
       
    43 Symbian developer certificates can be obtained through <xref href="http://www.symbiansigned.com" scope="external">www.symbiansigned.com</xref>. </p> <p>The usage of Symbian
 
       
    44 developer certificates is restricted to the following: </p> <ul>
 
       
    45 <li id="GUID-01E1055E-C77B-5C42-B54F-EF7A396669BD"><p>Usage with one or more
 
       
    46 listed phones only (through the IMEI/ESN number). </p> </li>
 
       
    47 <li id="GUID-D78F1294-5BB2-52BE-BA31-C06D72261B28"><p>Validity until a specific
 
       
    48 date, after which the certificate expires. </p> </li>
 
       
    49 <li id="GUID-676EB812-5C9B-5291-8746-6FA50B41F651"><p>An agreed set of capabilities
 
       
    50 that the certificate can grant. </p> </li>
 
       
    51 <li id="GUID-8C79AB5F-6708-538E-A0EA-71D493D3D576"><p>A set of SIDs of executables
 
       
    52 that can be installed by the SIS file. If the SIS file package UID is in the
 
       
    53 protected range then it must be included in the list of UIDs in the certificate. </p> </li>
 
       
    54 </ul> <p> <b>Note</b>: A Symbian developer certificate is indirectly signed
 
       
    55 against one of the Symbian root certificates, which are present on the Symbian
 
       
    56 device by default. </p> </section>
 
       
    57 <section id="GUID-C35BB441-E849-5CC4-B1B8-C50C6F250129"><title>Symbian signed
 
       
    58 program</title> <p>Some applications require platform security capabilities
 
       
    59 that cannot be granted by the Symbian application developer. These programs
 
       
    60 must be tested externally and signed with a certificate, which the Software
 
       
    61 Installer recognizes as provided by a trusted entity. </p> <p>This process
 
       
    62 is done through the Symbian Signed programme. For details on ACS Publisher
 
       
    63 ID certificates, Symbian developer certificates and the signing process, see <xref href="http://www.symbiansigned.com" scope="external">www.symbiansigned.com</xref>. </p> </section>
 
       
    64 <section id="GUID-D04B60BA-59A7-59FF-824F-2DC27CE01B74"><title> MANDATORY
 
       
    65 certificates </title> <p>If a certificate is marked as <codeph>MANDATORY</codeph> then
 
       
    66 any package certificate presented during the software installation, must have
 
       
    67 a certificate chain that resolves to this certificate (and any other certificates
 
       
    68 marked as <codeph>MANDATORY</codeph>). If the certificate chain does not resolve
 
       
    69 to a mandatory certificate, the installation fails. This feature prevents
 
       
    70 any unauthorized applications from being installed on the device. </p> <p> <b>Note</b>:
 
       
    71 Unsigned or self-signed applications cannot be installed, if a <codeph>MANDATORY</codeph> certificate
 
       
    72 is present. </p> </section>
 
       
    73 </conbody><related-links>
 
       
    74 <link href="GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8.dita"><linktext>Creating
 
       
    75 and Signing an Installation File</linktext></link>
 
       
    76 <link href="GUID-B20EE8A3-D7B2-5872-AF43-001A88C1A46E.dita"><linktext>SignSIS</linktext>
 
       
    77 </link>
 
       
    78 <link href="GUID-557BF1DA-B6E8-521B-89F0-15C84E3BCB1A.dita"><linktext>MakeKeys</linktext>
 
       
    79 </link>
 
       
    80 </related-links></concept>
FCL/sftools/depl/docscontent