|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
|
3 <!-- This component and the accompanying materials are made available under the terms of the License |
|
4 "Eclipse Public License v1.0" which accompanies this distribution, |
|
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
|
6 <!-- Initial Contributors: |
|
7 Nokia Corporation - initial contribution. |
|
8 Contributors: |
|
9 --> |
|
10 <!DOCTYPE concept |
|
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
|
12 <concept id="GUID-AFBD4ED6-9588-531C-8EDF-566DB1D03088" xml:lang="en"><title>Signing |
|
13 SIS Files</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
|
14 <p>An installation (SIS) file must be signed with a digital signature, which |
|
15 helps in verifying the identity of the vendor. This ensures that the file |
|
16 has not been tampered with since it was signed. </p> |
|
17 <p>Software install package files can be signed multiple times. However, it |
|
18 is not required to sign the file with multiple signatures at the same time. |
|
19 Signatures can be added and removed from a package file at any time if the |
|
20 relevant keys are available. <xref href="GUID-B20EE8A3-D7B2-5872-AF43-001A88C1A46E.dita">SignSIS</xref> supports |
|
21 the signing of SIS files with self-signed certificates or Symbian developer |
|
22 certificates. </p> |
|
23 <section id="GUID-52029821-0FA4-58C7-94B9-C6B845C42098"><title>Self-signed |
|
24 certificates</title> <p>The term <i>self-signed</i> means that the SIS file |
|
25 is signed by the creator of the SIS file. A SIS file is <i>self-signed</i> if |
|
26 it signed by a certificate that has been self generated. For example, using <xref href="GUID-557BF1DA-B6E8-521B-89F0-15C84E3BCB1A.dita">MakeKeys</xref>. </p> <p>SIS |
|
27 files can be signed by Symbian application developers for programs that: </p> <ul> |
|
28 <li id="GUID-E2CB54EA-B638-5589-88FF-36DDA57E3388"><p>do not use any APIs |
|
29 protected by capability checks. </p> </li> |
|
30 <li id="GUID-717FBB11-F58A-5DE5-855A-F41A0CC9AF1B"><p>only require platform |
|
31 security capabilities that belong to the "user" or "basic" capabilities group. |
|
32 If the Software Installer is required to install a program with these capabilities, |
|
33 it can display capability information to the Symbian device user and provide |
|
34 an option to continue or cancel the installation. </p> <p>As long as the application |
|
35 requests no system capabilities, self-signed SIS files can be installed depending |
|
36 on how the installation policy has been configured by the device creator. </p> </li> |
|
37 </ul> <p> <b>Note</b>: Self-signed SIS files are not associated with a root |
|
38 certificate present on the device. </p> </section> |
|
39 <section id="GUID-95FEC08E-0E38-5F88-9FE5-D2DE16BE08FD"><title>Symbian developer |
|
40 certificates</title> <p>To test applications on Symbian devices, the SIS file |
|
41 can be signed with a Symbian developer certificate. This allows the application |
|
42 to be installed without the need for an external testing and signing process. |
|
43 Symbian developer certificates can be obtained through <xref href="http://www.symbiansigned.com" scope="external">www.symbiansigned.com</xref>. </p> <p>The usage of Symbian |
|
44 developer certificates is restricted to the following: </p> <ul> |
|
45 <li id="GUID-01E1055E-C77B-5C42-B54F-EF7A396669BD"><p>Usage with one or more |
|
46 listed phones only (through the IMEI/ESN number). </p> </li> |
|
47 <li id="GUID-D78F1294-5BB2-52BE-BA31-C06D72261B28"><p>Validity until a specific |
|
48 date, after which the certificate expires. </p> </li> |
|
49 <li id="GUID-676EB812-5C9B-5291-8746-6FA50B41F651"><p>An agreed set of capabilities |
|
50 that the certificate can grant. </p> </li> |
|
51 <li id="GUID-8C79AB5F-6708-538E-A0EA-71D493D3D576"><p>A set of SIDs of executables |
|
52 that can be installed by the SIS file. If the SIS file package UID is in the |
|
53 protected range then it must be included in the list of UIDs in the certificate. </p> </li> |
|
54 </ul> <p> <b>Note</b>: A Symbian developer certificate is indirectly signed |
|
55 against one of the Symbian root certificates, which are present on the Symbian |
|
56 device by default. </p> </section> |
|
57 <section id="GUID-C35BB441-E849-5CC4-B1B8-C50C6F250129"><title>Symbian signed |
|
58 program</title> <p>Some applications require platform security capabilities |
|
59 that cannot be granted by the Symbian application developer. These programs |
|
60 must be tested externally and signed with a certificate, which the Software |
|
61 Installer recognizes as provided by a trusted entity. </p> <p>This process |
|
62 is done through the Symbian Signed programme. For details on ACS Publisher |
|
63 ID certificates, Symbian developer certificates and the signing process, see <xref href="http://www.symbiansigned.com" scope="external">www.symbiansigned.com</xref>. </p> </section> |
|
64 <section id="GUID-D04B60BA-59A7-59FF-824F-2DC27CE01B74"><title> MANDATORY |
|
65 certificates </title> <p>If a certificate is marked as <codeph>MANDATORY</codeph> then |
|
66 any package certificate presented during the software installation, must have |
|
67 a certificate chain that resolves to this certificate (and any other certificates |
|
68 marked as <codeph>MANDATORY</codeph>). If the certificate chain does not resolve |
|
69 to a mandatory certificate, the installation fails. This feature prevents |
|
70 any unauthorized applications from being installed on the device. </p> <p> <b>Note</b>: |
|
71 Unsigned or self-signed applications cannot be installed, if a <codeph>MANDATORY</codeph> certificate |
|
72 is present. </p> </section> |
|
73 </conbody><related-links> |
|
74 <link href="GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8.dita"><linktext>Creating |
|
75 and Signing an Installation File</linktext></link> |
|
76 <link href="GUID-B20EE8A3-D7B2-5872-AF43-001A88C1A46E.dita"><linktext>SignSIS</linktext> |
|
77 </link> |
|
78 <link href="GUID-557BF1DA-B6E8-521B-89F0-15C84E3BCB1A.dita"><linktext>MakeKeys</linktext> |
|
79 </link> |
|
80 </related-links></concept> |