Symbian3/SDK/Source/GUID-04FB9E08-DDFE-53B1-B8E1-687A1AEC4286.dita
author Dominic Pinkman <dominic.pinkman@nokia.com>
Tue, 20 Jul 2010 12:00:49 +0100
changeset 13 48780e181b38
parent 0 89d6a7a84779
permissions -rw-r--r--
Week 28 contribution of SDK documentation content. See release notes for details. Fixes bugs Bug 1897 and Bug 1522.

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License 
"Eclipse Public License v1.0" which accompanies this distribution, 
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
    Nokia Corporation - initial contribution.
Contributors: 
-->
<!DOCTYPE concept
  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept xml:lang="en" id="GUID-04FB9E08-DDFE-53B1-B8E1-687A1AEC4286"><title>Security Tools Overview</title><shortdesc><codeph>certapp</codeph> is a PC-side security tool that creates and manages Symbian certificate stores. It runs as a standalone command-line tool on both Windows and Linux. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody><section><title>Purpose</title> <p>The Symbian platform provides implementations of two types of certificate store: the native Software Install (SWI) Certificate Store (swicertstore) and the File Certificate Store (filecertstore). The <codeph>certapp</codeph> tool lets you create, augment, dump and debug both certificate stores, and also dump individual certificates. </p> </section> <section><title>Required background</title> <p>To use <codeph>certapp</codeph> effectively, you must have a basic understanding of the following: </p> <ul><li id="GUID-CD7F87A4-328E-5CDB-8D29-FFBC2B29496C"><p><xref href="GUID-C3290344-486B-554D-97FC-42DF48E150AA.dita">Certificate and Key Management</xref>  </p> </li> <li id="GUID-77239220-2108-5DA8-A57B-5E70D6E9DD80"><p><xref href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita">File-based Certificate and Key Stores</xref>  </p> </li> <li id="GUID-7F0756F4-C3D3-59E5-8262-DE6C9F3B250D"><p><xref href="GUID-92025FE2-16B1-59FE-9967-6972F6E7D4CA.dita">Root Certificates</xref>  </p> </li> </ul> </section> <section><title>Key concepts and terms</title> <dl><dlentry><dt>Certificate</dt> <dd><p>A certificate is an electronic document that binds a subject's identity to a public key; the matching private key never appears in it. A relying party authenticates the public key by verifying the issuer's signature over the certificate. </p> <p>Certificates are issued by a Certification Authority (CA). They usually include information such as a label, serial number, validity period, certificate format (for example, X.509) and signature algorithm (for example, MD2RSA).
</p> <p>The certificate files managed by <codeph>certapp</codeph> must be in one of the following formats: </p> <ul><li id="GUID-7AE7D892-72AD-5783-BDB7-BCD83ACCDE25"><p>X.509 Privacy Enhanced Mail (PEM) </p> </li> <li id="GUID-4A79E164-75BC-547E-9DC4-2C9882B87B1E"><p>X.509 Distinguished Encoding Rules (DER) </p> </li> <li id="GUID-54C08B28-6959-5C0F-B140-D6A27900AFE9"><p>Wireless Transport Layer Security (WTLS) </p> </li> </ul> </dd> </dlentry> <dlentry><dt>Certificate Store</dt> <dd><p>A certificate store is a database that holds certificates together with the metadata attached to them. The certificate store handles operations such as storing and retrieving certificates, assigning trust status to certificates on an application-by-application basis, constructing and validating certificate chains, and checking online certificate revocation. </p> </dd> </dlentry> <dlentry><dt>File Certificate Store</dt> <dd><p>The file certificate store holds certificates for use by applications that perform some form of authentication. For example, it may contain certificates suitable for SSL/TLS server authentication. </p> <p>The file certificate store is implemented as a software plug-in that accesses two files. Both must be included in a device’s ROM and are copied to the C: drive on first use. They are: </p> <ul><li id="GUID-EE62E763-27DC-53AA-965C-1DFF15484C23"><p> <codeph>cacerts.dat</codeph>: The file certificate store itself, which holds the certificates and their associated metadata, including the UIDs of the applications to which each certificate applies. </p> </li> <li id="GUID-E4C18725-415E-5023-A275-E53BA1229C8A"><p> <codeph>certclients.dat</codeph>: The certificate applications store, which holds the human-readable names and UIDs of the applications that trust the certificates held in <codeph>cacerts.dat</codeph>.
</p> </li> </ul> </dd> </dlentry> <dlentry><dt>Software Install (SWI) Certificate Store</dt> <dd><p>The SWI certificate store holds the trust anchors used to validate every SIS file installed on the device. Physically, the certificates are held in a data file, <codeph>swicertstore.dat</codeph>. The SWI certificate store has two parts: an immutable store held in ROM and a writable store that can be updated after the device has shipped. Because every certificate in either part is a trust anchor for software installation, each certificate added to the writable store widens the set of signers whose SIS files the device will install. </p> </dd> </dlentry> </dl> </section> <section><title>Description</title> <p>The <codeph>certapp</codeph> tool reads a series of input files containing certificate details, merges the input file data in memory, and writes the merged data into the appropriate certificate store output files. Run the tool from the command line by specifying the input and output file names as arguments. For details of the command line arguments, see <xref href="GUID-C83D7112-0CF4-588D-8A0C-D27AB387F4D3.dita">certapp Reference</xref>. </p> <p>The tool accepts data files as inputs for operations such as creating a certificate store, dumping a certificate store or certificates to human-readable form, and augmenting a certificate store. The data files can be in either binary or human-readable form. These files typically contain details of individual certificates and of the applications for which those certificates are trusted. Many such data files can be merged together using the <codeph>certapp</codeph> tool to create one or more certificate store database files. </p> <p>Database files are the certificate store files that the tool writes as output when you provide data files as inputs. The tool can create database files for both the SWI certificate store (<codeph>swicertstore.dat</codeph>) and the file certificate store (<codeph>cacerts.dat</codeph> and <codeph>certclients.dat</codeph>). </p> <p> <b>Notes:</b>  </p> <ul><li id="GUID-34C11E84-7578-515B-A57B-178623E20CEB"><p>The input files for the various certificate stores must follow specific formats.
For details, see <xref href="GUID-B1B3C5E6-9F38-5A55-A30E-4C7591B446CC.dita">Certificate Store Human-Readable File Formats</xref>. </p> </li> <li id="GUID-D8865349-2E8E-5746-A51C-9C598D49CF6B"><p>For information on how the <codeph>certapp</codeph> tool processes the information in the input files to generate output files, see <xref href="GUID-C119A79A-D705-50B3-B174-70F517947BBD.dita">How certapp Processes Input File Information</xref>. </p> </li> </ul> </section> <section><title>Typical uses</title> <p>The <codeph>certapp</codeph> tool supports the following tasks: </p> <ul><li id="GUID-8F3CE8C2-0509-5390-BB25-6A3771270EF8"><p>Creating a certificate store </p> </li> <li id="GUID-B029F2F9-916B-5481-8059-A745ECEF365A"><p>Dumping a certificate store to human-readable form </p> </li> <li id="GUID-D52776CF-0AFD-5C0D-9A8E-C9F4CEBCA2C3"><p>Augmenting a certificate store </p> </li> </ul> <p>For details, see <xref href="GUID-7C96B363-7891-50D3-A40F-92B9CBC4624C.dita">Using certapp</xref>. </p> </section> </conbody><related-links><link href="GUID-6BD23C4F-CBF7-584D-81D9-EB8D14DC3081.dita"><linktext>Security Tools Reference</linktext> </link> </related-links></concept>
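The "Certificate" entry above says that certapp accepts X.509 certificates as PEM or DER, and that a certificate carries a serial number and a signature algorithm. The following Python script is an added example and is not part of the Symbian SDK or of certapp itself: it detects whether a certificate file is PEM or DER, normalises it to DER, checks that the file is exactly one well-formed outer SEQUENCE with the tbsCertificate/signatureAlgorithm/signatureValue shape (rejecting truncated files and trailing bytes), and extracts the serial number and signature algorithm OID so you can review what you are about to turn into a trust anchor. WTLS input is not handled. The sample certificate at the bottom is constructed with a minimal DER encoder and is not a real or verifiable certificate; every function name here is this example's own, not a certapp or Symbian API.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def read_tlv(buf, off):
    """Decode one DER tag-length-value at buf[off]; return (tag, value, end_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated: no room for tag and length")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                                   # short form: one length byte
        length, hdr = first, 2
    else:                                              # long form: 0x80 | count of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or off + 2 + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length field")
        length, hdr = int.from_bytes(buf[off + 2:off + 2 + n], "big"), 2 + n
        if length < 0x80 or buf[off + 2] == 0:
            raise ValueError("non-minimal length encoding is not valid DER")
    end = off + hdr + length
    if end > len(buf):
        raise ValueError("element runs past end of data (truncated file?)")
    return tag, buf[off + hdr:end], end

def decode_oid(raw):
    """Decode DER OID content bytes to dotted form, e.g. 1.2.840.113549.1.1.11."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                                  # base-128, high bit set on all but last byte
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)

def detect_format(data):
    """Return 'PEM', 'DER' or 'unknown' for the raw bytes of a certificate file."""
    if PEM_RE.search(data):
        return "PEM"
    return "DER" if data[:1] == b"\x30" else "unknown"  # a DER Certificate starts with SEQUENCE

def to_der(data):
    """Return DER bytes for PEM or DER input; reject anything else (WTLS is not handled)."""
    fmt = detect_format(data)
    if fmt == "DER":
        return data
    if fmt == "PEM":
        blocks = PEM_RE.findall(data)
        if len(blocks) != 1:
            raise ValueError("expected exactly one CERTIFICATE block")
        return base64.b64decode(b"".join(blocks[0].split()), validate=True)
    raise ValueError("input is neither PEM nor DER")

def inspect_certificate(data):
    """Normalise to DER; return (serial_number, signature_algorithm_oid, der_length).
    Raises ValueError on truncation, trailing bytes or a wrong outer structure."""
    der = to_der(data)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single outer SEQUENCE spanning the whole file (trailing bytes?)")
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    t_tbs, tbs, off = read_tlv(body, 0)
    t_alg, alg, off = read_tlv(body, off)
    t_sig, _, off = read_tlv(body, off)
    if (t_tbs, t_alg, t_sig) != (0x30, 0x30, 0x03) or off != len(body):
        raise ValueError("outer structure is not tbs/signatureAlgorithm/signatureValue")
    t, val, off = read_tlv(tbs, 0)                     # optional [0] EXPLICIT version comes first
    if t == 0xA0:
        t, val, off = read_tlv(tbs, off)
    if t != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    t_oid, oid, _ = read_tlv(alg, 0)
    if t_oid != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return int.from_bytes(val, "big", signed=True), decode_oid(oid), len(der)

def is_well_formed(data):
    """True if inspect_certificate accepts the bytes, False if it raises ValueError."""
    try:
        inspect_certificate(data)
        return True
    except ValueError:
        return False

def _tlv(tag, content):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        lenb = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        lenb = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + lenb + content

# Constructed sample (an assumption, not a real certificate): it has the outer shape of an
# X.509 Certificate, but the TBS carries only version and serial and the signature is filler.
SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")      # 1.2.840.113549.1.1.11
SAMPLE_DER = _tlv(0x30,
    _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x11\x22\x33"))
    + _tlv(0x30, _tlv(0x06, SHA256_RSA_OID) + _tlv(0x05, b""))
    + _tlv(0x03, b"\x00" + b"\xaa" * 128))                 # BIT STRING with 0 unused bits
_b64 = base64.b64encode(SAMPLE_DER)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + b"\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
              + b"\n-----END CERTIFICATE-----\n")
```

Run `inspect_certificate(open(path, "rb").read())` on a candidate file before adding it to a store; the 128-byte filler signature in the sample deliberately exercises the long-form DER length path, and `is_well_formed(SAMPLE_DER[:-1])` and `is_well_formed(SAMPLE_DER + b"\x00")` both return False, which is the truncation and trailing-garbage check a merge tool's input should pass. The script checks structure only; it does not verify the signature or the chain, which is what the certificate store's validation does on the device.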