Symbian3/PDK/Source/GUID-46D6DF29-38F7-5842-9FDD-82754AE8D9A0.dita
author Dominic Pinkman <Dominic.Pinkman@Nokia.com>
Fri, 22 Jan 2010 18:26:19 +0000
changeset 1 25a17d01db0c
child 3 46218c8b8afa
permissions -rw-r--r--
Addition of the PDK content and example code for Documentation_content according to Feature bug 1607 and bug 1608

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License 
"Eclipse Public License v1.0" which accompanies this distribution, 
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
    Nokia Corporation - initial contribution.
Contributors: 
-->
<!DOCTYPE concept
  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-46D6DF29-38F7-5842-9FDD-82754AE8D9A0" xml:lang="en"><title>Human-Readable
File Formats Reference</title><shortdesc>This section provides details of the fields in the various certificate
store human-readable files. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody>
<section id="GUID-83AA7A83-E51B-5BFA-9BB2-A0CED031B8B0"><title>File Certificate
Store Field Details</title> <p>The following table provide details of the
file certificate store fields: </p> <table id="GUID-83651A7D-D70E-55D1-96CC-97E3239F7B9C">
<tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
<tbody>
<row>
<entry><p> <b>Name</b>  </p> </entry>
<entry><p> <b>Description</b>  </p> </entry>
</row>
<row>
<entry><p> <codeph>StartEntry</codeph>  </p> </entry>
<entry><p>Specifies the certificate label. This label is in UTF-8 format and
limited to 64 characters. </p> </entry>
</row>
<row>
<entry><p> <codeph>Deletable</codeph>  </p> </entry>
<entry><p>The value of this field indicates whether the certificate can be
deleted. <codeph>True</codeph> indicates that the certificate can be deleted. <codeph>False</codeph> indicates
that the certificate must be protected from deletion. </p> </entry>
</row>
<row>
<entry><p> <codeph>Format</codeph>  </p> </entry>
<entry><p>Specifies the certificate format. This is usually set to <codeph>EX509Certificate</codeph>. </p> </entry>
</row>
<row>
<entry><p> <codeph>CertificateOwnerType</codeph>  </p> </entry>
<entry><p>Indicates the type of certificate owner. This field has the following
legal values: <codeph>ECACertificate</codeph>, <codeph>EUserCertificate</codeph> and <codeph>EPeerCertificate</codeph>. </p> </entry>
</row>
<row>
<entry><p> <codeph> SubjectKeyId</codeph>  </p> </entry>

<entry><p>Both these fields are used to build certificate chains by looking
for certificates with <codeph>SubjectKeyId</codeph> values that match the <codeph>IssuerKeyId</codeph> value
of the first certificate in the chain. While the <codeph>SubjectKeyId</codeph> enables
identification of certificates containing a public key (in this case, the
issuer key), the <codeph>IssuerKeyId</codeph> is the unique value that identifies
the issued certificate. </p> <p>These fields are optional. If omitted, their
values are considered equivalent to auto. For x509 certificates, it is recommended
that these fields be omitted or set to auto. For other certificate types,
specify an octet string value. </p> </entry>
</row>
<row>
<entry><p> <codeph> IssuerKeyId</codeph>  </p> </entry>
</row>
<row>
<entry><p> <codeph> StartApplicationList</codeph>  </p> </entry>

<entry><p>Indicates the start and end of the application list. An application
list specifies the applications associated with a certificate. Applications
can be specified by UID or by name (in which case they are looked up in <codeph>certclients.dat</codeph>). </p> </entry>
</row>
<row>
<entry><p> <codeph> EndApplicationList</codeph>  </p> </entry>
</row>
<row>
<entry><p> <codeph>Trusted</codeph>  </p> </entry>
<entry><p>The value of this field is usually set to <codeph>True</codeph>.
If set to <codeph>False</codeph>, the certificate does not act as a trust
anchor and its capabilities are not used. </p> </entry>
</row>
<row>
<entry><p> <codeph>DataFileName</codeph>  </p> </entry>
<entry><p>Specifies the name of the file from which the certificate is to
be read. </p> <p>If the certificate format is not x509, the contents are treated
as a raw block of data. If the format is x509, the file can be either of the
following: </p> <ul>
<li id="GUID-39DE0AA4-A147-51CD-B39F-044DC67BF272"><p>A Privacy Enhanced Mail
(PEM) encoded certificate in a UTF-8 file with or without a UTF-8 Byte Order
Marker (BOM) </p> </li>
<li id="GUID-176D7B07-879F-5D3F-86A5-EF18B9A450FB"><p>A binary file containing
a Distinguished Encoding Rules (DER) encoded certificate. </p> </li>
</ul> </entry>
</row>
</tbody>
</tgroup>
</table> </section>
<example id="GUID-C30DFFCA-DFFB-5F1F-8306-659B8429EBFC"><title>SWI Certificate
Store Field Details</title> <p>The following table provides information on
the SWI certificate store fields. Because the SWI certificate store is a superset
of the file certificate store, the following table lists only fields specific
to the SWI certificate store. </p> <table id="GUID-E7CC3963-A5B0-52EE-B855-13DA11EB0FCD">
<tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
<tbody>
<row>
<entry><p> <b>Name</b>  </p> </entry>
<entry><p> <b>Description</b>  </p> </entry>
</row>
<row>
<entry><p> <codeph>CapabilitySet</codeph>  </p> </entry>
<entry><p>Defines a list of capabilities allowed in applications that have
the certificate as their trust anchor. Standard capability names or numeric
bit numbers can be specified. </p> </entry>
</row>
<row>
<entry><p> <codeph>Mandatory</codeph>  </p> </entry>
<entry><p>The value of this field is usually be set to <codeph>False</codeph> so
that it enables the installation of any package not signed by a certificate
that resolves to a SWI certificate. A <codeph>True</codeph> value prevents
normal installation of packages. </p> <p> <b>Note:</b> If the certificate
store is deployed in a device that does not support the feature of updating
ROM files without using SIS stubs, the certificate gets interpreted as <codeph>Mandatory</codeph>.
This prevents all normal applications from installing. </p> </entry>
</row>
<row>
<entry><p> <codeph>SystemUpgrade</codeph>  </p> </entry>
<entry><p>The value of this field must usually be set to <codeph>False</codeph> to
enable normal installation of applications. A <codeph>True</codeph> value
of this field indicates that any application signed by a certificate which
resolves to this certificate is treated as a System Upgrade, and consequently,
a lot of security checks are disabled for that application. </p> <p> <b>Note:</b> The
field is set to <codeph>True</codeph> only when the certificate store is deployed
in a device that supports the feature of updating ROM files without using
SIS stubs. </p> </entry>
</row>
</tbody>
</tgroup>
</table> <p> <b>Important: </b> A SWI certificate store does not have a <codeph>Deletable</codeph> field
because all the SWI certificates are protected from deletion. </p> </example>
</conbody><related-links>
<link href="GUID-B1B3C5E6-9F38-5A55-A30E-4C7591B446CC.dita"><linktext>Certificate
Store Human-Readable File Formats</linktext></link>
</related-links></concept>