1 <?xml version="1.0" encoding="utf-8"?>

     2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->

     3 <!-- This component and the accompanying materials are made available under the terms of the License 

     4 "Eclipse Public License v1.0" which accompanies this distribution, 

     5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->

     6 <!-- Initial Contributors:

     7     Nokia Corporation - initial contribution.

     8 Contributors: 

     9 -->

    10 <!DOCTYPE concept

    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">

    12 <concept id="GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8" xml:lang="en"><title>Creating

    13 and Signing an Installation File</title><prolog><metadata><keywords/></metadata></prolog><conbody>

    14 <section><title>Introduction</title> <p>A Software Installation (SIS) file

    15 can be generated as an unsigned file, a self-signed or signed file. Self-signed

    16 and unsigned packages are considered to be <i>unknown</i>, and are installed

    17 by the Software Installer, depending on the security policy of the Symbian

    18 device. </p> <p>If the <filepath>SIS</filepath> file is signed, the Software

    19 Installer validates the certificate chains and based on verification, installs

    20 the <filepath>SIS</filepath> file or aborts the installation. </p> </section>

    21 <section><title>Procedure</title> <ol id="GUID-F956C034-BA59-5811-9043-BF0D77F10677">

    22 <li id="GUID-9842671A-A9BE-5CC1-A957-D2AA09B2B6D0"><p>Create a private key-public

    23 key pair and certificate request using the <xref href="GUID-557BF1DA-B6E8-521B-89F0-15C84E3BCB1A.dita">MakeKeys</xref> tool.

    24 For details, see <xref href="GUID-D45A4AE9-4169-4466-B02B-629B15C3E9AA.dita">MaKeKeys

    25 Tutorial</xref>. </p> </li>

    26 <li id="GUID-030DB6CF-22B6-529A-9915-38A4AD2A8A92"><p>Submit the certificate

    27 request to a Certificate Authority (CA) and receive an authenticated digital

    28 certificate. </p> </li>

    29 <li id="GUID-F8CDA8A6-4FD1-5F96-9D50-E2B7323504B5"><p>Create a package (PKG)

    30 file containing all the elements required to create the installation file.

    31 For details see <xref href="GUID-43B4B4E7-413E-5D18-811C-4B9E38CDEB69.dita">PKG

    32 File Format</xref> . </p> </li>

    33 <li id="GUID-80F3E1E2-7E61-53B7-948F-651BA163469E"><p>Run <xref href="GUID-4BDC9F63-83A1-53A5-91A0-B092AA821755.dita">MakeSIS</xref> at

    34 the command prompt to create an unsigned SIS file. Specify the PKG file as

    35 input argument, as shown in the following example: </p> <p><codeblock id="GUID-44397CFA-9650-5C19-8F47-015A3BC90D88" xml:space="preserve">makesis mypackage.pkg</codeblock> </p> <p> <codeph>MakeSIS</codeph> generates an unsigned SIS file. </p> </li>

    36 <li id="GUID-C1190F84-8E02-5C57-90BE-3C3CCB0AAE04"><p>Run <xref href="GUID-B20EE8A3-D7B2-5872-AF43-001A88C1A46E.dita">SignSIS</xref> at

    37 the command prompt to sign the unsigned SIS file. Specify the unsigned SIS

    38 file as input, and public key certificate and private key as arguments, as

    39 shown in the following example: </p> <p><codeblock id="GUID-A674816E-D8AF-5B9F-839B-3D53C337D481" xml:space="preserve">signsis trustedchain.pem eecertkey.key mypackage.sis</codeblock> </p> <p>Based on the certificate provided as input, <codeph>SignSiS</codeph> generates

    40 a signed SIS file. For details, see <xref href="GUID-AFBD4ED6-9588-531C-8EDF-566DB1D03088.dita">Signing</xref>  </p> </li>

    41 </ol><note> As an alternative to step 4 and 5, run the <xref href="GUID-AA555CC1-5CFF-5609-9191-8970F32BA255.dita">CreateSIS</xref> tool

    42 at the command prompt to generate and sign the installation file. Specify

    43 the trusted certificate-key pairs as arguments, as shown in the following

    44 example: <codeblock xml:space="preserve">createsis create -cert trustedchain.pem -key eecertkey.key mypackage.pkg

    45 </codeblock></note><p>The process of creating an installation file can be

    46 understood using the following illustration:</p><fig id="GUID-DB0D2E8C-E8B6-46C8-8CF4-1970EA1B3A03">

    47 <image href="GUID-B46C54AD-268C-58A0-B244-134C4D8BDFE1_d0e24694_href.png" placement="inline"/>

    48 </fig> </section>

    49 <section><title>Notes</title> <p>While creating a SIS file using the <b>CreateSIS</b> tool,

    50 if you do not specify the key or certificate on the command line the <codeph>create</codeph> method

    51 generates a key and a matching self-signed certificate, and uses it to sign

    52 the resulting SIS file. </p> <p>The generated certificate and key is dumped

    53 into the current working directory as <filepath>cert-gen.cer</filepath> and <filepath>key-gen.key</filepath> files.

    54 If <filepath>key-gen.key</filepath> exists, the certificate and key filenames

    55 are indexed incrementally. That is, <filepath>cert-genx.cer</filepath> and <filepath>key-genx.key</filepath>,

    56 where <i>x</i> is the incremental index. </p> <p> <b> Note:</b> The passphrase

    57 encryption is not an option. It must be provided with the <codeph>-pass</codeph> option.

    58 If this option is not specified, <b>CreateSIS</b> prompts for the passphrase

    59 during key generation. </p> </section>

    60 </conbody><related-links>

    61 <link href="GUID-AA555CC1-5CFF-5609-9191-8970F32BA255.dita"><linktext>CreateSIS</linktext>

    62 </link>

    63 <link href="GUID-4BDC9F63-83A1-53A5-91A0-B092AA821755.dita"><linktext>MakeSIS</linktext>

    64 </link>

    65 <link href="GUID-B20EE8A3-D7B2-5872-AF43-001A88C1A46E.dita"><linktext>SignSIS</linktext>

    66 </link>

    67 </related-links></concept>