diff -r 48780e181b38 -r 578be2adaf3e Symbian3/PDK/Source/GUID-6CDB86E4-89BB-5266-8CEC-7353B664D638.dita --- a/Symbian3/PDK/Source/GUID-6CDB86E4-89BB-5266-8CEC-7353B664D638.dita Tue Jul 20 12:00:49 2010 +0100 +++ b/Symbian3/PDK/Source/GUID-6CDB86E4-89BB-5266-8CEC-7353B664D638.dita Fri Aug 13 16:47:46 2010 +0100 @@ -1,130 +1,130 @@ - - - - - -Importing -Certificates -

The Symbian certstore allows two types of certificates to -be imported: root certificates and user certificates.

-

Please note that certificates must be in DER format to be imported. Also, -the absolute path to the certificate file must be given regardless of the -current directory in the shell. For example, if you are in the directory c:\temp -which contains mycert.der, to import the certificate you must issue the command:

-

certtool –import c:\temp\mycert.der

-

A certificate always has a label associated with it. A label can be specified -during the import operation with the –label option, if this option is not -present, the full path to the certificate file is taken as label. Labels must -be unique within a specific certstore implementation. If a label is not unique, -an error occurs. For instance, if the certstore contains a certificate with -label abc:

-

certtool –list abc

-Symbian CertStore Manipulation Tool -Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. -Label: abc Format: WTLS Owner Type: Root (CA) -Issuer Name: Limited Liability Subject Name: Limited Liability -Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020 -Trusted for Applications: -

If you try to import a certificate with the same label, an error occurs.

-c:\>certtool –label abc –import c:\certstore\ent-wtls2.cer -Symbian CertStore Manipulation Tool -Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. -The given label is invalid, or already present in the certstore. -Label: abc Format: WTLS Owner Type: Root (CA) -Issuer Name: Limited Liability Subject Name: Limited Liability -Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020 -Trusted for Applications: -

However, this happens because of the attempt made to insert the certificate -in a certstore implementation where the same label already exists. Certstore -implementation is not specified for use in a command. It is possible to insert -the certificate with label abc in the certstore implementation with index -1 (Index 0 is used by default).

-

certtool –label abc –store 1 –import c:\certstore\ent-wtls2.cer

-Symbian CertStore Manipulation Tool -Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. -Certificate imported successfully. -Label: abc Format: WTLS Owner Type: Root (CA) -Issuer Name: Limited Liability Subject Name: Limited Liability -Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020 -Trusted for Applications: -

Importing root certificates

-

Root certificates typically belong to a certificate authority (CA) and -a number of them are present on a final product. Root certificates are used -to verify the authenticity of signed content. Root certificates are self-signed, -and often termed top-level certificates.

-

All the examples in the previous sections referred to root certificates.

-

A certificate is imported as a CA root certificate if and only if the corresponding -private key cannot be found in the keystore.

-

Importing user certificates

-

User certificates belong to the phone owner. Using user certificate, the -phone owners can authenticate themselves. For example, during SSL/TLS, the -owner can perform client authentication. To import a user certificate both -the certificate and its corresponding private key must be stored in the Symbian -keystore.

-

If the private key corresponding to a given certificate is already present -in the Symbian keystore, the certificate will be automatically imported as -a user certificate.

-

Assume that the private DSA key corresponding to the certificate stored -in dsa_cert1.der is present in the Symbian keystore. The following command -imports the certificate as a user certificate:

-

certtool –label abc –import c:\certstore\data\dsa_cert1.der

-Symbian CertStore Manipulation Tool -Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. -Certificate imported successfully. -Label: abc Format: X509 Owner Type: User -Issuer Name: 10.32.193.163 Subject Name: Internet Widgits Pty Ltd -Valid From: 16:06:43 Tue 02nd Jun 2009 Valid Until: 16:03:43 Sat 01st Aug 2009 -Trusted for Applications: -

If the private key is not already present in the keystore, the same command -imports the certificate as a CA certificate.

-

Keytool can be used to include private keys in the Symbian keystore. Alternatively, -if you only want to include a user certificate, point to a DER-encoded PKCS8 -file containing the key using the -private option. After -importing the key, certtool will make the owner of the key -as "WriteDeviceData", so that keytool will able to manipulate the key, performing -actions such as remove or setuser.

-

Assume the DSA private key corresponding to the certificate stored in dsa_cert1.der is -not present in the keystore and that the required DSA private key is stored -in pkcs8 DER-encoded format in the file pkcs8dsa1.001.

-

certtool –label abc –private c:\certstore\data\pkcs8dsa1.001 -–import c:\certstore\data\dsa_cert1.der

-Symbian CertStore Manipulation Tool -Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. -Certificate imported successfully. -Label: abc Format: X509 Owner Type: User -Issuer Name: 10.32.193.163 Subject Name: Internet Widgits Pty Ltd -Valid From: 16:06:43 Tue 02nd Jun 2009 Valid Until: 16:03:43 Wed 01st Jul 2009 -Trusted for Applications: -

Note: Either secdlg or tsecdlg need -to be in \epoc32\release\winscw\udeb. However, if both -of them are present in the specified location, it will cause a panic.

-

In addition, the corresponding DSA key is inserted in the keystore with -the same label as the certificate.

-

keytool –d –list abc

-Symbian KeyStore Manipulation Tool -Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. - Algorithm: DSA Size: 512 bits - Usage: PKCS15 Sign Code: 0x4 - User: No Users registered. - Access flags: Extractable - ID: c0 fa d9 … - Label: abc - Native: Yes - Start date: not set End data: not set -
-Listing Contents -of Certificate Stores -Working with -Multiple Certificate Store Implementations -Removing -Certificates - -Manipulating Applicability and Trust Settings for a Certificate - + + + + + +Importing +Certificates +

The Symbian certstore allows two types of certificates to +be imported: root certificates and user certificates.

+

Please note that certificates must be in DER format to be imported. Also, +the absolute path to the certificate file must be given regardless of the +current directory in the shell. For example, if you are in the directory c:\temp +which contains mycert.der, to import the certificate you must issue the command:

+

certtool –import c:\temp\mycert.der

+

A certificate always has a label associated with it. A label can be specified +during the import operation with the –label option, if this option is not +present, the full path to the certificate file is taken as label. Labels must +be unique within a specific certstore implementation. If a label is not unique, +an error occurs. For instance, if the certstore contains a certificate with +label abc:

+

certtool –list abc

+Symbian CertStore Manipulation Tool +Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. +Label: abc Format: WTLS Owner Type: Root (CA) +Issuer Name: Limited Liability Subject Name: Limited Liability +Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020 +Trusted for Applications: +

If you try to import a certificate with the same label, an error occurs.

+c:\>certtool –label abc –import c:\certstore\ent-wtls2.cer +Symbian CertStore Manipulation Tool +Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. +The given label is invalid, or already present in the certstore. +Label: abc Format: WTLS Owner Type: Root (CA) +Issuer Name: Limited Liability Subject Name: Limited Liability +Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020 +Trusted for Applications: +

However, this happens because of the attempt made to insert the certificate +in a certstore implementation where the same label already exists. Certstore +implementation is not specified for use in a command. It is possible to insert +the certificate with label abc in the certstore implementation with index +1 (Index 0 is used by default).

+

certtool –label abc –store 1 –import c:\certstore\ent-wtls2.cer

+Symbian CertStore Manipulation Tool +Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. +Certificate imported successfully. +Label: abc Format: WTLS Owner Type: Root (CA) +Issuer Name: Limited Liability Subject Name: Limited Liability +Valid From: 15:13:18 Tue 29th Feb 2000 Valid Until: 15:43:18 Sat 29th Feb 2020 +Trusted for Applications: +

Importing root certificates

+

Root certificates typically belong to a certificate authority (CA) and +a number of them are present on a final product. Root certificates are used +to verify the authenticity of signed content. Root certificates are self-signed, +and often termed top-level certificates.

+

All the examples in the previous sections referred to root certificates.

+

A certificate is imported as a CA root certificate if and only if the corresponding +private key cannot be found in the keystore.

+

Importing user certificates

+

User certificates belong to the phone owner. Using user certificate, the +phone owners can authenticate themselves. For example, during SSL/TLS, the +owner can perform client authentication. To import a user certificate both +the certificate and its corresponding private key must be stored in the Symbian +keystore.

+

If the private key corresponding to a given certificate is already present +in the Symbian keystore, the certificate will be automatically imported as +a user certificate.

+

Assume that the private DSA key corresponding to the certificate stored +in dsa_cert1.der is present in the Symbian keystore. The following command +imports the certificate as a user certificate:

+

certtool –label abc –import c:\certstore\data\dsa_cert1.der

+Symbian CertStore Manipulation Tool +Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. +Certificate imported successfully. +Label: abc Format: X509 Owner Type: User +Issuer Name: 10.32.193.163 Subject Name: Internet Widgits Pty Ltd +Valid From: 16:06:43 Tue 02nd Jun 2009 Valid Until: 16:03:43 Sat 01st Aug 2009 +Trusted for Applications: +

If the private key is not already present in the keystore, the same command +imports the certificate as a CA certificate.

+

Keytool can be used to include private keys in the Symbian keystore. Alternatively, +if you only want to include a user certificate, point to a DER-encoded PKCS8 +file containing the key using the -private option. After +importing the key, certtool will make the owner of the key +as "WriteDeviceData", so that keytool will able to manipulate the key, performing +actions such as remove or setuser.

+

Assume the DSA private key corresponding to the certificate stored in dsa_cert1.der is +not present in the keystore and that the required DSA private key is stored +in pkcs8 DER-encoded format in the file pkcs8dsa1.001.

+

certtool –label abc –private c:\certstore\data\pkcs8dsa1.001 +–import c:\certstore\data\dsa_cert1.der

+Symbian CertStore Manipulation Tool +Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. +Certificate imported successfully. +Label: abc Format: X509 Owner Type: User +Issuer Name: 10.32.193.163 Subject Name: Internet Widgits Pty Ltd +Valid From: 16:06:43 Tue 02nd Jun 2009 Valid Until: 16:03:43 Wed 01st Jul 2009 +Trusted for Applications: +

Note: Either secdlg or tsecdlg need +to be in \epoc32\release\winscw\udeb. However, if both +of them are present in the specified location, it will cause a panic.

+

In addition, the corresponding DSA key is inserted in the keystore with +the same label as the certificate.

+

keytool –d –list abc

+Symbian KeyStore Manipulation Tool +Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. + Algorithm: DSA Size: 512 bits + Usage: PKCS15 Sign Code: 0x4 + User: No Users registered. + Access flags: Extractable + ID: c0 fa d9 … + Label: abc + Native: Yes + Start date: not set End data: not set +
+Listing Contents +of Certificate Stores +Working with +Multiple Certificate Store Implementations +Removing +Certificates + +Manipulating Applicability and Trust Settings for a Certificate +
\ No newline at end of file
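Review bot: In the "Importing user certificates" text re-added by this hunk, the sentence "If the private key is not already present in the keystore, the same command imports the certificate as a CA certificate" describes a silent change of trust role, and the page never tells the reader how to confirm which role was assigned. Suggest adding a sentence that directs the reader to check the "Owner Type:" field in the certtool output (User versus Root (CA)) after any import that is meant to produce a user certificate. Since the hunk rewrites all 130 lines with text that reads the same on both sides, it is also the place to fix the wording it carries over: "keytool will able to manipulate the key" is missing "be", "Using user certificate" needs an article, and the command examples use an en dash ("–import", "–label", "–store") while the prose writes "-private" with an ASCII hyphen, so the examples are inconsistent and may not work when pasted into a shell. The sample keytool output shows "End data: not set" beside "Start date:", which looks like a typo if it is documentation text rather than verbatim tool output. If the change is whitespace or markup only, say so in the commit message, because nothing in the visible lines shows what differs.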