diff -r 4816d766a08a -r f345bda72bc4 Symbian3/PDK/Source/GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8.dita --- a/Symbian3/PDK/Source/GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8.dita Tue Mar 30 11:42:04 2010 +0100 +++ b/Symbian3/PDK/Source/GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8.dita Tue Mar 30 11:56:28 2010 +0100 @@ -1,67 +1,67 @@ - - - - - -Creating -and Signing an Installation File -
Introduction

A Software Installation (SIS) file -can be generated as an unsigned file, a self-signed or signed file. Self-signed -and unsigned packages are considered to be unknown, and are installed -by the Software Installer, depending on the security policy of the Symbian -device.

If the SIS file is signed, the Software -Installer validates the certificate chains and based on verification, installs -the SIS file or aborts the installation.

-
Procedure
    -
  1. Create a private key-public -key pair and certificate request using the MakeKeys tool. -For details, see MaKeKeys -Tutorial.

  2. -
  3. Submit the certificate -request to a Certificate Authority (CA) and receive an authenticated digital -certificate.

  4. -
  5. Create a package (PKG) -file containing all the elements required to create the installation file. -For details see PKG -File Format .

  6. -
  7. Run MakeSIS at -the command prompt to create an unsigned SIS file. Specify the PKG file as -input argument, as shown in the following example:

    makesis mypackage.pkg

    MakeSIS generates an unsigned SIS file.

  8. -
  9. Run SignSIS at -the command prompt to sign the unsigned SIS file. Specify the unsigned SIS -file as input, and public key certificate and private key as arguments, as -shown in the following example:

    signsis trustedchain.pem eecertkey.key mypackage.sis

    Based on the certificate provided as input, SignSiS generates -a signed SIS file. For details, see Signing

  10. -
As an alternative to step 4 and 5, run the CreateSIS tool -at the command prompt to generate and sign the installation file. Specify -the trusted certificate-key pairs as arguments, as shown in the following -example: createsis create -cert trustedchain.pem -key eecertkey.key mypackage.pkg -

The process of creating an installation file can be -understood using the following illustration:

- -
-
Notes

While creating a SIS file using the CreateSIS tool, -if you do not specify the key or certificate on the command line the create method -generates a key and a matching self-signed certificate, and uses it to sign -the resulting SIS file.

The generated certificate and key is dumped -into the current working directory as cert-gen.cer and key-gen.key files. -If key-gen.key exists, the certificate and key filenames -are indexed incrementally. That is, cert-genx.cer and key-genx.key, -where x is the incremental index.

Note: The passphrase -encryption is not an option. It must be provided with the -pass option. -If this option is not specified, CreateSIS prompts for the passphrase -during key generation.

-
-CreateSIS - -MakeSIS - -SignSIS - + + + + + +Creating +and Signing an Installation File +
Introduction

A Software Installation (SIS) file +can be generated as an unsigned file, a self-signed or signed file. Self-signed +and unsigned packages are considered to be unknown, and are installed +by the Software Installer, depending on the security policy of the Symbian +device.

If the SIS file is signed, the Software +Installer validates the certificate chains and based on verification, installs +the SIS file or aborts the installation.

+
Procedure
    +
  1. Create a private key-public +key pair and certificate request using the MakeKeys tool. +For details, see MaKeKeys +Tutorial.

  2. +
  3. Submit the certificate +request to a Certificate Authority (CA) and receive an authenticated digital +certificate.

  4. +
  5. Create a package (PKG) +file containing all the elements required to create the installation file. +For details see PKG +File Format .

  6. +
  7. Run MakeSIS at +the command prompt to create an unsigned SIS file. Specify the PKG file as +input argument, as shown in the following example:

    makesis mypackage.pkg

    MakeSIS generates an unsigned SIS file.

  8. +
  9. Run SignSIS at +the command prompt to sign the unsigned SIS file. Specify the unsigned SIS +file as input, and public key certificate and private key as arguments, as +shown in the following example:

    signsis trustedchain.pem eecertkey.key mypackage.sis

    Based on the certificate provided as input, SignSiS generates +a signed SIS file. For details, see Signing

  10. +
As an alternative to step 4 and 5, run the CreateSIS tool +at the command prompt to generate and sign the installation file. Specify +the trusted certificate-key pairs as arguments, as shown in the following +example: createsis create -cert trustedchain.pem -key eecertkey.key mypackage.pkg +

The process of creating an installation file can be +understood using the following illustration:

+ +
+
Notes

While creating a SIS file using the CreateSIS tool, +if you do not specify the key or certificate on the command line the create method +generates a key and a matching self-signed certificate, and uses it to sign +the resulting SIS file.

The generated certificate and key is dumped +into the current working directory as cert-gen.cer and key-gen.key files. +If key-gen.key exists, the certificate and key filenames +are indexed incrementally. That is, cert-genx.cer and key-genx.key, +where x is the incremental index.

Note: The passphrase +encryption is not an option. It must be provided with the -pass option. +If this option is not specified, CreateSIS prompts for the passphrase +during key generation.

+
+CreateSIS + +MakeSIS + +SignSIS +
\ No newline at end of file