diff -r 89d6a7a84779 -r 25a17d01db0c Symbian3/PDK/Source/GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8.dita --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Symbian3/PDK/Source/GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8.dita Fri Jan 22 18:26:19 2010 +0000 @@ -0,0 +1,67 @@ + + + + + +Creating +and Signing an Installation File +
Introduction

A Software Installation (SIS) file +can be generated as an unsigned file, a self-signed or signed file. Self-signed +and unsigned packages are considered to be unknown, and are installed +by the Software Installer, depending on the security policy of the Symbian +device.

If the SIS file is signed, the Software +Installer validates the certificate chains and based on verification, installs +the SIS file or aborts the installation.

+
Procedure
    +
  1. Create a private key-public +key pair and certificate request using the MakeKeys tool. +For details, see MaKeKeys +Tutorial.

  2. +
  3. Submit the certificate +request to a Certificate Authority (CA) and receive an authenticated digital +certificate.

  4. +
  5. Create a package (PKG) +file containing all the elements required to create the installation file. +For details see PKG +File Format .

  6. +
  7. Run MakeSIS at +the command prompt to create an unsigned SIS file. Specify the PKG file as +input argument, as shown in the following example:

    makesis mypackage.pkg

    MakeSIS generates an unsigned SIS file.

  8. +
  9. Run SignSIS at +the command prompt to sign the unsigned SIS file. Specify the unsigned SIS +file as input, and public key certificate and private key as arguments, as +shown in the following example:

    signsis trustedchain.pem eecertkey.key mypackage.sis

    Based on the certificate provided as input, SignSiS generates +a signed SIS file. For details, see Signing

  10. +
As an alternative to step 4 and 5, run the CreateSIS tool +at the command prompt to generate and sign the installation file. Specify +the trusted certificate-key pairs as arguments, as shown in the following +example: createsis create -cert trustedchain.pem -key eecertkey.key mypackage.pkg +

The process of creating an installation file can be +understood using the following illustration:

+ +
+
Notes

While creating a SIS file using the CreateSIS tool, +if you do not specify the key or certificate on the command line the create method +generates a key and a matching self-signed certificate, and uses it to sign +the resulting SIS file.

The generated certificate and key is dumped +into the current working directory as cert-gen.cer and key-gen.key files. +If key-gen.key exists, the certificate and key filenames +are indexed incrementally. That is, cert-genx.cer and key-genx.key, +where x is the incremental index.

Note: The passphrase +encryption is not an option. It must be provided with the -pass option. +If this option is not specified, CreateSIS prompts for the passphrase +during key generation.

+
+CreateSIS + +MakeSIS + +SignSIS + +
\ No newline at end of file