I work on at Nokia and this is for a Nokia project. If I embed a Symbian signed sis package that has sensitive capabilities, what is the criteria for the certificate that I must use to sign the sis package that includes the embedded one?

I *think* I have moved all 'sensitive' dlls to one sis and have that officially signed. Now I want to embed this and sign the overall sis package with my team's certificate/key. Does my certificate need to be able to sign the 'sensitive' dlls?

What about my installer?

I'm having trouble getting this to work.

I'm trying to limit the chance betas of our application make it outside of Nokia. As long as the changes I make to the 'stuff' outside of the embedded sis are binary-compatible with the files inside, should I be able to sign the application with our own certificate (and allow other Nokia teams to do the same)? This way only IMEIs on the installer list can use our app.