Symbian3/SDK/Source/GUID-AFBD4ED6-9588-531C-8EDF-566DB1D03088.dita
changeset 0 89d6a7a84779
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Symbian3/SDK/Source/GUID-AFBD4ED6-9588-531C-8EDF-566DB1D03088.dita	Thu Jan 21 18:18:20 2010 +0000
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
+<!-- This component and the accompanying materials are made available under the terms of the License 
+"Eclipse Public License v1.0" which accompanies this distribution, 
+and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
+<!-- Initial Contributors:
+    Nokia Corporation - initial contribution.
+Contributors: 
+-->
+<!DOCTYPE concept
+  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
+<concept id="GUID-AFBD4ED6-9588-531C-8EDF-566DB1D03088" xml:lang="en"><title>Signing
+SIS Files</title><prolog><metadata><keywords/></metadata></prolog><conbody>
+<p>An installation (SIS) file must be signed with a digital signature, which
+helps in verifying the identity of the vendor. This ensures that the file
+has not been tampered with since it was signed. </p>
+<p>Software install package files can be signed multiple times. However, it
+is not required to sign the file with multiple signatures at the same time.
+Signatures can be added and removed from a package file at any time if the
+relevant keys are available. <xref href="GUID-B20EE8A3-D7B2-5872-AF43-001A88C1A46E.dita">SignSIS</xref> supports
+the signing of SIS files with self-signed certificates or Symbian developer
+certificates. </p>
+<section id="GUID-52029821-0FA4-58C7-94B9-C6B845C42098"><title>Self-signed
+certificates</title> <p>The term <i>self-signed</i> means that the SIS file
+is signed by the creator of the SIS file. A SIS file is <i>self-signed</i> if
+it signed by a certificate that has been self generated. For example, using <xref href="GUID-557BF1DA-B6E8-521B-89F0-15C84E3BCB1A.dita">MakeKeys</xref>. </p> <p>SIS
+files can be signed by Symbian application developers for programs that: </p> <ul>
+<li id="GUID-E2CB54EA-B638-5589-88FF-36DDA57E3388"><p>do not use any APIs
+protected by capability checks. </p> </li>
+<li id="GUID-717FBB11-F58A-5DE5-855A-F41A0CC9AF1B"><p>only require platform
+security capabilities that belong to the "user" or "basic" capabilities group.
+If the Software Installer is required to install a program with these capabilities,
+it can display capability information to the Symbian device user and provide
+an option to continue or cancel the installation. </p> <p>As long as the application
+requests no system capabilities, self-signed SIS files can be installed depending
+on how the installation policy has been configured by the device creator. </p> </li>
+</ul> <p> <b>Note</b>: Self-signed SIS files are not associated with a root
+certificate present on the device. </p> </section>
+<section id="GUID-95FEC08E-0E38-5F88-9FE5-D2DE16BE08FD"><title>Symbian developer
+certificates</title> <p>To test applications on Symbian devices, the SIS file
+can be signed with a Symbian developer certificate. This allows the application
+to be installed without the need for an external testing and signing process.
+Symbian developer certificates can be obtained through <xref href="http://www.symbiansigned.com" scope="external">www.symbiansigned.com</xref>. </p> <p>The usage of Symbian
+developer certificates is restricted to the following: </p> <ul>
+<li id="GUID-01E1055E-C77B-5C42-B54F-EF7A396669BD"><p>Usage with one or more
+listed phones only (through the IMEI/ESN number). </p> </li>
+<li id="GUID-D78F1294-5BB2-52BE-BA31-C06D72261B28"><p>Validity until a specific
+date, after which the certificate expires. </p> </li>
+<li id="GUID-676EB812-5C9B-5291-8746-6FA50B41F651"><p>An agreed set of capabilities
+that the certificate can grant. </p> </li>
+<li id="GUID-8C79AB5F-6708-538E-A0EA-71D493D3D576"><p>A set of SIDs of executables
+that can be installed by the SIS file. If the SIS file package UID is in the
+protected range then it must be included in the list of UIDs in the certificate. </p> </li>
+</ul> <p> <b>Note</b>: A Symbian developer certificate is indirectly signed
+against one of the Symbian root certificates, which are present on the Symbian
+device by default. </p> </section>
+<section id="GUID-C35BB441-E849-5CC4-B1B8-C50C6F250129"><title>Symbian signed
+program</title> <p>Some applications require platform security capabilities
+that cannot be granted by the Symbian application developer. These programs
+must be tested externally and signed with a certificate, which the Software
+Installer recognizes as provided by a trusted entity. </p> <p>This process
+is done through the Symbian Signed programme. For details on ACS Publisher
+ID certificates, Symbian developer certificates and the signing process, see <xref href="http://www.symbiansigned.com" scope="external">www.symbiansigned.com</xref>. </p> </section>
+<section id="GUID-D04B60BA-59A7-59FF-824F-2DC27CE01B74"><title> MANDATORY
+certificates </title> <p>If a certificate is marked as <codeph>MANDATORY</codeph> then
+any package certificate presented during the software installation, must have
+a certificate chain that resolves to this certificate (and any other certificates
+marked as <codeph>MANDATORY</codeph>). If the certificate chain does not resolve
+to a mandatory certificate, the installation fails. This feature prevents
+any unauthorized applications from being installed on the device. </p> <p> <b>Note</b>:
+Unsigned or self-signed applications cannot be installed, if a <codeph>MANDATORY</codeph> certificate
+is present. </p> </section>
+</conbody><related-links>
+<link href="GUID-03BBEA31-3266-5B1C-9017-4EE7EA4AF1A8.dita"><linktext>Creating
+and Signing an Installation File</linktext></link>
+<link href="GUID-B20EE8A3-D7B2-5872-AF43-001A88C1A46E.dita"><linktext>SignSIS</linktext>
+</link>
+<link href="GUID-557BF1DA-B6E8-521B-89F0-15C84E3BCB1A.dita"><linktext>MakeKeys</linktext>
+</link>
+</related-links></concept>
\ No newline at end of file