Mercurial Mercurial > oss > MCL > sftools > depl > docscontent / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Symbian3/SDK/Source/GUID-46D6DF29-38F7-5842-9FDD-82754AE8D9A0.dita
changeset 0 89d6a7a84779 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Symbian3/SDK/Source/GUID-46D6DF29-38F7-5842-9FDD-82754AE8D9A0.dita	Thu Jan 21 18:18:20 2010 +0000
@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
+<!-- This component and the accompanying materials are made available under the terms of the License 
+"Eclipse Public License v1.0" which accompanies this distribution, 
+and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
+<!-- Initial Contributors:
+    Nokia Corporation - initial contribution.
+Contributors: 
+-->
+<!DOCTYPE concept
+  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
+<concept id="GUID-46D6DF29-38F7-5842-9FDD-82754AE8D9A0" xml:lang="en"><title>Human-Readable
+File Formats Reference</title><shortdesc>This section provides details of the fields in the various certificate
+store human-readable files. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody>
+<section id="GUID-83AA7A83-E51B-5BFA-9BB2-A0CED031B8B0"><title>File Certificate
+Store Field Details</title> <p>The following table provide details of the
+file certificate store fields: </p> <table id="GUID-83651A7D-D70E-55D1-96CC-97E3239F7B9C">
+<tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
+<tbody>
+<row>
+<entry><p> <b>Name</b>  </p> </entry>
+<entry><p> <b>Description</b>  </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>StartEntry</codeph>  </p> </entry>
+<entry><p>Specifies the certificate label. This label is in UTF-8 format and
+limited to 64 characters. </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>Deletable</codeph>  </p> </entry>
+<entry><p>The value of this field indicates whether the certificate can be
+deleted. <codeph>True</codeph> indicates that the certificate can be deleted. <codeph>False</codeph> indicates
+that the certificate must be protected from deletion. </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>Format</codeph>  </p> </entry>
+<entry><p>Specifies the certificate format. This is usually set to <codeph>EX509Certificate</codeph>. </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>CertificateOwnerType</codeph>  </p> </entry>
+<entry><p>Indicates the type of certificate owner. This field has the following
+legal values: <codeph>ECACertificate</codeph>, <codeph>EUserCertificate</codeph> and <codeph>EPeerCertificate</codeph>. </p> </entry>
+</row>
+<row>
+<entry><p> <codeph> SubjectKeyId</codeph>  </p> </entry>
+
+<entry><p>Both these fields are used to build certificate chains by looking
+for certificates with <codeph>SubjectKeyId</codeph> values that match the <codeph>IssuerKeyId</codeph> value
+of the first certificate in the chain. While the <codeph>SubjectKeyId</codeph> enables
+identification of certificates containing a public key (in this case, the
+issuer key), the <codeph>IssuerKeyId</codeph> is the unique value that identifies
+the issued certificate. </p> <p>These fields are optional. If omitted, their
+values are considered equivalent to auto. For x509 certificates, it is recommended
+that these fields be omitted or set to auto. For other certificate types,
+specify an octet string value. </p> </entry>
+</row>
+<row>
+<entry><p> <codeph> IssuerKeyId</codeph>  </p> </entry>
+</row>
+<row>
+<entry><p> <codeph> StartApplicationList</codeph>  </p> </entry>
+
+<entry><p>Indicates the start and end of the application list. An application
+list specifies the applications associated with a certificate. Applications
+can be specified by UID or by name (in which case they are looked up in <codeph>certclients.dat</codeph>). </p> </entry>
+</row>
+<row>
+<entry><p> <codeph> EndApplicationList</codeph>  </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>Trusted</codeph>  </p> </entry>
+<entry><p>The value of this field is usually set to <codeph>True</codeph>.
+If set to <codeph>False</codeph>, the certificate does not act as a trust
+anchor and its capabilities are not used. </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>DataFileName</codeph>  </p> </entry>
+<entry><p>Specifies the name of the file from which the certificate is to
+be read. </p> <p>If the certificate format is not x509, the contents are treated
+as a raw block of data. If the format is x509, the file can be either of the
+following: </p> <ul>
+<li id="GUID-39DE0AA4-A147-51CD-B39F-044DC67BF272"><p>A Privacy Enhanced Mail
+(PEM) encoded certificate in a UTF-8 file with or without a UTF-8 Byte Order
+Marker (BOM) </p> </li>
+<li id="GUID-176D7B07-879F-5D3F-86A5-EF18B9A450FB"><p>A binary file containing
+a Distinguished Encoding Rules (DER) encoded certificate. </p> </li>
+</ul> </entry>
+</row>
+</tbody>
+</tgroup>
+</table> </section>
+<example id="GUID-C30DFFCA-DFFB-5F1F-8306-659B8429EBFC"><title>SWI Certificate
+Store Field Details</title> <p>The following table provides information on
+the SWI certificate store fields. Because the SWI certificate store is a superset
+of the file certificate store, the following table lists only fields specific
+to the SWI certificate store. </p> <table id="GUID-E7CC3963-A5B0-52EE-B855-13DA11EB0FCD">
+<tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
+<tbody>
+<row>
+<entry><p> <b>Name</b>  </p> </entry>
+<entry><p> <b>Description</b>  </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>CapabilitySet</codeph>  </p> </entry>
+<entry><p>Defines a list of capabilities allowed in applications that have
+the certificate as their trust anchor. Standard capability names or numeric
+bit numbers can be specified. </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>Mandatory</codeph>  </p> </entry>
+<entry><p>The value of this field is usually be set to <codeph>False</codeph> so
+that it enables the installation of any package not signed by a certificate
+that resolves to a SWI certificate. A <codeph>True</codeph> value prevents
+normal installation of packages. </p> <p> <b>Note:</b> If the certificate
+store is deployed in a device that does not support the feature of updating
+ROM files without using SIS stubs, the certificate gets interpreted as <codeph>Mandatory</codeph>.
+This prevents all normal applications from installing. </p> </entry>
+</row>
+<row>
+<entry><p> <codeph>SystemUpgrade</codeph>  </p> </entry>
+<entry><p>The value of this field must usually be set to <codeph>False</codeph> to
+enable normal installation of applications. A <codeph>True</codeph> value
+of this field indicates that any application signed by a certificate which
+resolves to this certificate is treated as a System Upgrade, and consequently,
+a lot of security checks are disabled for that application. </p> <p> <b>Note:</b> The
+field is set to <codeph>True</codeph> only when the certificate store is deployed
+in a device that supports the feature of updating ROM files without using
+SIS stubs. </p> </entry>
+</row>
+</tbody>
+</tgroup>
+</table> <p> <b>Important: </b> A SWI certificate store does not have a <codeph>Deletable</codeph> field
+because all the SWI certificates are protected from deletion. </p> </example>
+</conbody><related-links>
+<link href="GUID-B1B3C5E6-9F38-5A55-A30E-4C7591B446CC.dita"><linktext>Certificate
+Store Human-Readable File Formats</linktext></link>
+</related-links></concept>
\ No newline at end of file
MCL/sftools/depl/docscontent