diff -r 4816d766a08a -r f345bda72bc4 Symbian3/PDK/Source/GUID-0E231D3E-D21F-5527-8FA5-5CF19A42B5B7.dita --- a/Symbian3/PDK/Source/GUID-0E231D3E-D21F-5527-8FA5-5CF19A42B5B7.dita Tue Mar 30 11:42:04 2010 +0100 +++ b/Symbian3/PDK/Source/GUID-0E231D3E-D21F-5527-8FA5-5CF19A42B5B7.dita Tue Mar 30 11:56:28 2010 +0100 @@ -1,110 +1,110 @@ - - - - - - Swicertstore -Tool ReferenceSwicertstore tool takes a text file as input to create the swicertstore.dat file. -Example Input File

Swicertstore tool takes a text -file as input that contains one or more certificates and its details that -must be included in the Swicertstore. Each certificate can have a metadata -associated with it.

This text file contains one or more sections. -Each section contains attributes related to that section. A section starts -with its name in square brackets. The section name is also used as the certificate -label. Attributes are specified as attribute_name = attribute_value pairs.

Swicertstore -tool takes the following example as input file consisting of two sections -[Root5CA] and [SymbianTestDSACA] and creates swiCertStore.dat file -as explained in the procedure.

-# SWICertStoreToolInput.txt -# An example input file for the Swicertstore tool - -[SymbianTestRSACA] - - file = c:\tswi\certstore\Symbian-Test-RSA.der - capability = DRM - capability = NetworkServices - application = SWInstall - application = SWInstallOCSP - Mandatory = 0 - SystemUpgrade = 0 - - [sucert] - - file = c:\tswi\certstore\sucert.der - capability = ReadDeviceData - capability = WriteDeviceData - capability = DRM - capability = AllFiles - application = SWInstall - SystemUpgrade = 1 -

The attributes in the example input file are described in -the following table:

- - - -

Attribute

-

Description

-
- -

file

-

Specifies the path and name of the file containing the certificate.

Note: -As Swicertstore tool runs in the emulator, the path name is relative to the -Epoc32 directory root. Therefore, the actual location of the two certificate -files in the example would be \Epoc32\winscw\c. The certificate must -be DER encoded. OpenSSL can be used to convert a certificate from PEM format -to DER format as mentioned below:

openssl x509 –inform pem -–outform der –in mycert.pem –out mycert.der.

-
- -

mandatory

-

Indicates whether the certificate is marked as mandatory for software -installation. The value 1 indicates it is mandatory while 0 indicates -it is not mandatory. The attribute is optional; the default value is 0.

-
- -

System Upgrade

-

Indicates that the root certificate is enabled as System Upgrade -[SU]. The packages signed by this certificate allow licensees to solve system -software problems that were not anticipated at device build time.

-
- -

capability

-

Specifies a Platform Security capability that the certificate can sign -for. This attribute can be repeated to allow multiple capabilities to -be specified.

Note: The following are the capabilities that -the certificate can sign for: TCB, CommDD, PowerMgmt, MultimediaDD, -ReadDeviceData, WriteDeviceData, DRM, TrustedUI, ProtServ, DiskAdmin, NetworkControl, -AllFiles, SwEvent, NetworkServices, LocalServices, ReadUserData, WriteUserData, -Location, SurroundingsDD, UserEnvironment.

-
- -

application

-

Specifies the name of an application that the certificate can be -used for. The allowed values are:

    -
  • SWInstall - for the -software installation application, SWI.

  • -
  • SWInstallOCSP - for -the OCSP check during software installation.

  • -
-
- - -
- -
Writable Swicertstore

Writable -Swicertstore is a C: based data file that can be created -and installed on the device and it is placed at c:\resource\swicertstore\ location. -In the absence of the Writeable Swicertstore, the SwiCertstore.dll uses -the ROM Swicertstore.

-
-Creating -Swicertstore.dat File -Overview - + + + + + + Swicertstore +Tool ReferenceSwicertstore tool takes a text file as input to create the swicertstore.dat file. +Example Input File

Swicertstore tool takes a text +file as input that contains one or more certificates and its details that +must be included in the Swicertstore. Each certificate can have a metadata +associated with it.

This text file contains one or more sections. +Each section contains attributes related to that section. A section starts +with its name in square brackets. The section name is also used as the certificate +label. Attributes are specified as attribute_name = attribute_value pairs.

Swicertstore +tool takes the following example as input file consisting of two sections +[Root5CA] and [SymbianTestDSACA] and creates swiCertStore.dat file +as explained in the procedure.

+# SWICertStoreToolInput.txt +# An example input file for the Swicertstore tool + +[SymbianTestRSACA] + + file = c:\tswi\certstore\Symbian-Test-RSA.der + capability = DRM + capability = NetworkServices + application = SWInstall + application = SWInstallOCSP + Mandatory = 0 + SystemUpgrade = 0 + + [sucert] + + file = c:\tswi\certstore\sucert.der + capability = ReadDeviceData + capability = WriteDeviceData + capability = DRM + capability = AllFiles + application = SWInstall + SystemUpgrade = 1 +

The attributes in the example input file are described in +the following table:

+ + + +

Attribute

+

Description

+
+ +

file

+

Specifies the path and name of the file containing the certificate.

Note: +As Swicertstore tool runs in the emulator, the path name is relative to the +Epoc32 directory root. Therefore, the actual location of the two certificate +files in the example would be \Epoc32\winscw\c. The certificate must +be DER encoded. OpenSSL can be used to convert a certificate from PEM format +to DER format as mentioned below:

openssl x509 –inform pem +–outform der –in mycert.pem –out mycert.der.

+
+ +

mandatory

+

Indicates whether the certificate is marked as mandatory for software +installation. The value 1 indicates it is mandatory while 0 indicates +it is not mandatory. The attribute is optional; the default value is 0.

+
+ +

System Upgrade

+

Indicates that the root certificate is enabled as System Upgrade +[SU]. The packages signed by this certificate allow licensees to solve system +software problems that were not anticipated at device build time.

+
+ +

capability

+

Specifies a Platform Security capability that the certificate can sign +for. This attribute can be repeated to allow multiple capabilities to +be specified.

Note: The following are the capabilities that +the certificate can sign for: TCB, CommDD, PowerMgmt, MultimediaDD, +ReadDeviceData, WriteDeviceData, DRM, TrustedUI, ProtServ, DiskAdmin, NetworkControl, +AllFiles, SwEvent, NetworkServices, LocalServices, ReadUserData, WriteUserData, +Location, SurroundingsDD, UserEnvironment.

+
+ +

application

+

Specifies the name of an application that the certificate can be +used for. The allowed values are:

    +
  • SWInstall - for the +software installation application, SWI.

  • +
  • SWInstallOCSP - for +the OCSP check during software installation.

  • +
+
+ + +
+ +
Writable Swicertstore

Writable +Swicertstore is a C: based data file that can be created +and installed on the device and it is placed at c:\resource\swicertstore\ location. +In the absence of the Writeable Swicertstore, the SwiCertstore.dll uses +the ROM Swicertstore.

+
+Creating +Swicertstore.dat File +Overview +
\ No newline at end of file
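
Review bot: The introductory paragraph on the added side still says the example input file consists of the two sections [Root5CA] and [SymbianTestDSACA], but the example that follows defines [SymbianTestRSACA] and [sucert]; since every line of the topic is rewritten here, update the prose to name the sections actually shown. The attribute table has the same kind of drift: it documents "mandatory" and "System Upgrade", while the example uses the keys "Mandatory" and "SystemUpgrade", so a reader cannot tell which spelling the tool accepts or whether keys are case-sensitive. The System Upgrade row also gives no allowed values or default, unlike the mandatory row, and that is worth stating because the [sucert] section pairs SystemUpgrade = 1 with AllFiles, ReadDeviceData, WriteDeviceData and DRM. The OpenSSL line is written with typographic dashes and a trailing full stop ("openssl x509 –inform pem –outform der –in mycert.pem –out mycert.der."), which will not run if pasted; use plain hyphens (-inform, -outform, -in, -out) and drop the full stop. The Writable Swicertstore paragraph uses both "Writable" and "Writeable"; pick one spelling.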