×

Discussion Board

Page 1 of 3 123 LastLast
Results 1 to 15 of 38
  1. #1
    Registered User
    Join Date
    Dec 2003
    Posts
    14

    Success story: Signed midlet & 6600 (4.09.1)

    Hello,

    After spending some agonizing hours in a world of x509 & al. (i.e. including but not limited to trying to generate e.g. correct root CA and codesigning certificates with the help of a openssl etc.) the solution turned out to be quite simple and obvious.

    So...in order to get midlet a) signed and b) work correctly in 6600 (4.09.1) (as a trusted third party software) one might want to do this:

    1) Create a RSA key with keytool like:
    keytool -genkey -keyalg RSA .....
    2) Self certificate the key:
    keytool -selfcert .....
    3) Export self certified key:
    keytool -export -file some.cer .....
    4) Send this some.cer to 6600 via e.g. bluetooth, save it and adjust trust settings
    5) Use Sun's WTK...File --> Utilities --> Sign Midlet --> Import Key Pair...(from a keystore where you had just put your newly created certificate)
    6) Sign your midlet with this certificate and download it via OTA to 6600 or send it via bluetooth (remember to send both jad and jar).

    Summasummarum...after these operations user can give a permission for a midlet to use e.g. PushRegistry alarms so that firmware doesn't always request confirmation from an end user.

  2. #2
    Registered User
    Join Date
    Dec 2003
    Location
    Düsseldorf, Germany
    Posts
    15

    Get the same error as before

    Hi,

    I spend hours on this dodgy problem without the final success.

    I can make a CA authority, requests, key pairs etc. and I can install the certificate. But when I try to install the signed MIDlet on the 6600 there is alway a security error: Cannot find the root certificate (translated from german)

    I tried your way, too but I got the same error.

    What the hell is wrong here?`

    Thanks.

    www.bluetoothflirt.de
    Last edited by schnejan; 2004-04-27 at 16:55.

  3. #3
    Registered User
    Join Date
    Dec 2003
    Location
    Düsseldorf, Germany
    Posts
    15

    Seem to be a problem of the firmware

    Now I had success after updating on the new firmware 4.09.1.

  4. #4
    Registered User
    Join Date
    Apr 2004
    Posts
    7

    I coud not get it work!

    Hi,
    I have the last firmware on my 6600,
    and I tried following You instruction but I always get the authorization error.

    I don't know if I'm wrong with keytool commands.
    I try following Your instruction but I always get a signed error exception (cannot recover the key) from the WTK2.1.

    Please coud You help me?

  5. #5
    Registered User
    Join Date
    May 2004
    Posts
    34
    I have a code signing certificate from a CA, but after I sign my midlet with it, and try to install it, I get an security error.

    Could you please tell me why?

    Thank you.

  6. #6
    Registered User
    Join Date
    Apr 2004
    Posts
    7
    Hi,
    I try to answer:

    1) check Your FW release: must be 4.09.1 or later

    2) if You use Your own "precompiled" library ("mylib.zip" inside the "lib" project folder) maybe You cannot get the authorization for the installation: check this just removing You library.

    I hope this help You.

  7. #7
    Registered User
    Join Date
    May 2004
    Posts
    34
    Yes, I check it is 4.0.91.

    No, I don't have any library.

    Could you please tell me how to get a signed mildet to work on Nokia 6600 phone?

    Do you use a code signing certificate from a CA?
    Or you use a self certificate created by yourself like the steps listed above.

    Thanks in advance for your help.

  8. #8
    Registered User
    Join Date
    Apr 2004
    Posts
    7
    Hi,
    I've installed a midlet without sign it.
    This midlet use PushRegistry and WMA.
    It's work right!!

    Once I'll solve some problems with the library I use, I'll install also the MIDLet signed using the steps described on top of this thead.

    Please, let me know if You have success.

  9. #9
    Registered User
    Join Date
    May 2004
    Posts
    34
    I get a certificate from a CA, but when I use that to sign my midlet, that does not work. I got security exception.

  10. #10
    Registered User
    Join Date
    Nov 2003
    Posts
    8

    More details?

    Hi,

    Seems like only random_john_doe and schnejan got this thing working with their own certificate's (or at all). Could you guys describe your process in more detail?
    I also tried creating certificate and signing with 6600 (4.09.1), but got only "Authorisation failed" message while installing.

  11. #11
    Registered User
    Join Date
    Dec 2003
    Posts
    14

    Check your sertificates trust settings

    Hello,

    I was unable to get any "Authorisation failed" error message (no matter how hard I tried). Instead I was able to get "Installation security error. Unable to install" (or similar...dialog wasn't visible long enough to learn it by heart) _if_ sertificate that I had used to sign a midlet was not marked as "Application install sertificate". Tools -> Settings -> Security -> Certif. Management -> [my selfsigned sertificate] -> options -> Trust settings -> App. installation -> [change to yes].

    I don't know how I could describe "process" in more detail without takin actual screenshots or command prompt log.

  12. #12
    Registered User
    Join Date
    Nov 2003
    Posts
    8
    Sorry, I forgot mention that my certificate also has application installation maked as "yes".

    Even though there isn't so much options in those keytool methods, but command prompt log could clarify those first 3 steps in in your first message...

  13. #13
    Registered User
    Join Date
    Dec 2003
    Posts
    14
    1) keytool -genkey -alias testCA -keyalg RSA -keysize 512 -validity 360 -keypass password -keystore example.sks -storepass password

    2) keytool -selfcert -alias testCA -keypass password -keystore example.sks -storepass password

    3) keytool -export -alias testCA -file testCA.cer -keystore example.sks -storepass password

  14. #14
    Registered User
    Join Date
    Mar 2004
    Posts
    7
    Hi random_john_doe,

    I followed the exact steps as you have described before, I could send my self made certificate to Nokia 6600, and sign my app using the same cert, when i do the OTA to my phone it says "Instalation failed, security error" as you have described. I have enable my certificate trust settings to application install along with internet. But still no success. I have got the 4.09.1 FW as well. It will be really a great great for people who are trying to sign a midlet and successfully install it. My company need to sign it as at the time of instalation the user sees "Do you want to install bla bla, It is untrusted", the user normally quit and never install it. It will be a great helf if you can post your self made certificate, the demo app you have signed and installed successfully(both jar and jad) on the internet. If you want webspace i would like to give you, If you have got spare time to help some unsuccessfull developer then please take some snapshot as well.
    Manas
    Last edited by manasmchex; 2006-01-06 at 15:33. Reason: removed private email

  15. #15
    Registered User
    Join Date
    Dec 2003
    Posts
    14
    IIRC I had some problems with my build environment which generated JAD and JAR files (along with whole software). If I had too long MIDlet-n line, that particular line was wrapped in manifest file...(similar effect occured for MIDlet-Permissions(-opt) lines too). Symptoms were that device (6600) didn't accept my application. I don't remember exact error message that phone threw to my face.

    I would like to suggest that you start with _very_ simple midlet which has short name (class name) and e.g. only one permission listed in MIDlet-Permissions property and work your way up from there and try to figure out what causes your problems.

    I don't have time (or to be honest: motivation :-) to write an example application with an example certificate. I think it should be a Forum Nokia staff members job...which brings to my mind a note from a recent whatever-its-name-was-document in forum nokia document space which said that list of root certificates in Nokia's devices are locked...Does anybody know if this current situation with 6600's 4.09.1 firmware is a temporary "malfunction" which shall be "fixed" in the forthcoming releases. Has anybody tested certificate installation with 7610?

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •