×

Discussion Board

Results 1 to 8 of 8

Thread: certificate

  1. #1
    Registered User
    Join Date
    Sep 2005
    Posts
    15

    certificate

    i have one question. i don´t really understand how the certification proccess works:

    here you can find how to create your own cert and how to sing your midlet.

    http://www.spindriftpages.net/pebble...275880301.html

    i´ve done it. it works fine. but what is the sense of such certs?
    the mobile user should load my cert, my app and can use it. But I´m not trusted , so i can write absurd code in my midlet?!
    what about CA, where you have to pay about 400$?
    what are the steps?
    1)send CSR
    2)CA generate you a cert.
    3)?
    and then?
    the same procedure?

    what i want is:
    the user should load only my application e.g. internet(it´s already signed with e.g. verisign. Verisign is in almost all mobiles as root cert.)
    is this possible?

  2. #2
    Super Contributor
    Join Date
    Mar 2005
    Location
    Paris
    Posts
    814

    Re: certificate

    the sense of such midlet is to identify the midlets that come from you, and only you
    no one can issue certifications with your signature but you
    it means for example that if you are trusted by someone, it can considere any applications comming with your certificate as trustable (and turn to you if things go wrong)
    to get your app signed by a trusted 3rd part is surely more complicated

    ps : it is basically the same system as ssl certficate, it assures you that the creator of the app is the person you think it is, but anyone can create one

  3. #3
    Registered User
    Join Date
    Sep 2005
    Posts
    15

    Re: certificate

    ok. i understand the sense of certs.
    but how to handle with it?
    i have cert and
    i have signed with this cert. my app.
    now i have to copy both cert an app to my mobile?
    is it not a little bit circuitous?
    is there any other possibilities?
    e.g:to import cert in jar file so that user should only load one file on his mobile?

  4. #4
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105

    Re: certificate

    Normally you send a CSR to a CA which CA certificate is on your target device. You sign your JAD. Then the user downloads the JAD + JAR and everything is fine. Because the CA is known to your device already, no need to download the CA certificate.

    The above procedure is a trick. It is a self signed CA. This CA is unknown to your target device. To make it known, the target device has to know (and load) your self signed certificate. This is a perfect test, so your application works and everything is as expected. This trick works on some Nokia Series 60 only. Actually I consider it a bug because the MIDP 2.0 specification says, that self signed MIDlets are not allowed.

    The other question is: What is the benefit of signing? I see not so much, depending on your required permissions.

    If I understand you correctly you want to do secure internet transmissions. For this no signed MIDlet is needed. A signed MIDlet gives you some more permissions (not many more) and avoids some warnings (not very much).

  5. #5
    Registered User
    Join Date
    Sep 2005
    Posts
    15

    Re: certificate

    Thanks for reply

    Quote Originally Posted by traud
    Normally you send a CSR to a CA which CA certificate is on your target device. You sign your JAD. Then the user downloads the JAD + JAR and everything is fine. Because the CA is known to your device already, no need to download the CA certificate.
    it makes sound sense what you´re writing. But the CSR i send to CA is only the information about me (or the company). It means that I get a real certificate without sending written application i want to sign. So behind this signed midlet could be an absurd code, so there is no safety for user even application is signed?!

    Quote Originally Posted by traud
    The above procedure is a trick. It is a self signed CA. This CA is unknown to your target device. To make it known, the target device has to know (and load) your self signed certificate. This is a perfect test, so your application works and everything is as expected. This trick works on some Nokia Series 60 only. Actually I consider it a bug because the MIDP 2.0 specification says, that self signed MIDlets are not allowed.
    well, you´re right. I tried it with Nokia 7610 and i was suprized how it is easy to add/delete certificates. I thought, you´re not allowed to do it. Do you know how the certificates come on devices (who is authorized?mobile developer like nokia, motorola or mobile network operator like O2, T-Mobile?)

    Quote Originally Posted by traud
    The other question is: What is the benefit of signing? I see not so much, depending on your required permissions.

    If I understand you correctly you want to do secure internet transmissions. For this no signed MIDlet is needed. A signed MIDlet gives you some more permissions (not many more) and avoids some warnings (not very much).
    so is there anybody who signes own apps?
    which mobiles supports root certificates?

  6. #6
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105

    Re: certificate

    Quote Originally Posted by naeko
    there is no safety for user even application is signed?!
    With the original MIDP signing, yes. You can even sign JARs of other programmers. But in reality most official CAs require more than a CSR…
    Quote Originally Posted by naeko
    I tried it with Nokia 7610 and i was suprized how it is easy to add/delete certificates. I thought, you´re not allowed to do it. Which mobiles supports root certificates?
    You mix SSL/TLS/WTLS and code root certificates. It is normal to allow new SSL certificates, every browser on the destop allows this and many mobile phones do so, too. Not all but at least whole Nokia world. Code certificates (for Symbian OS and J2ME) are different. For example for J2ME, the MIDP on GSM/UMTS the specification disallows new root certificates.
    Quote Originally Posted by naeko
    Do you know how the certificates come on devices who is authorized?
    Manufacturer and operator although operators should use the SIM as WSIM.
    Quote Originally Posted by naeko
    so is there anybody who signes own apps?
    Manufacturs, Operators and those who need a special permission or want to limit the warnings. For example for JSR-75 (File & PIM) it is very useful.

  7. #7
    Registered User
    Join Date
    Sep 2005
    Posts
    15

    Re: certificate

    sorry that i always have a question on your reply

    Quote Originally Posted by traud
    With the original MIDP signing, yes. You can even sign JARs of other programmers. But in reality most official CAs require more than a CSR…
    i think verisign is an official CA, which exists on much mobiles (Verisign 1,2,3,4) and they only wanted CSR from me. absurd...

    Quote Originally Posted by traud
    You mix SSL/TLS/WTLS and code root certificates. It is normal to allow new SSL certificates, every browser on the destop allows this and many mobile phones do so, too. Not all but at least whole Nokia world. Code certificates (for Symbian OS and J2ME) are different. For example for J2ME, the MIDP on GSM/UMTS the specification disallows new root certificates.Manufacturer and operator although operators should use the SIM as WSIM.
    In some mobiles i have options "certificate management" where i find differtent certificates(geotrust, thawte, verisign, nokia, etc.). are these SSL or root certificates? Other mobiles don´t care what application you install. they don´t even alert you about untrusted midlet (e.g. Nokia 6210) and you can´t find nowhere an option of "certificate management" to see existing certificates. Are there special series of mobiles or does it have something with symbian devices to do?

    Quote Originally Posted by traud
    Manufacturs, Operators and those who need a special permission or want to limit the warnings. For example for JSR-75 (File & PIM) it is very useful.
    Are there other warnings which user can switch off using signed midlet except JSR75???

  8. #8
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105

    Re: certificate

    First of all trusted MIDlets are a MIDP 2.0 only concept. Trusted MIDlets will work on MIDP 1.0 devices but there is no certificate concept. The certificate managment of phones is very heavy manufacturer dependent. Nokia (all Series) shows all certificates and mix them all in one place. You are able to see in the options if it is a SSL, Symbian or J2ME certificate. Some are for all, some for one.

    Which permissions are given to a 3rd party trutsed and which to an untrusted MIDlet depends on phone model (and firmware). Here on my Nokia 6680 it is useless; except for JSR-75. On other models you get more permissions; on others less. And not all phones have the same CAs. Unknown CAs lead to a rejected MIDlet instead of an untrusted MIDlet. And so on…only sign your MIDlet if really, really useful. At least offer two JADs: One untrusted.

    Nokia 6210? It has no J2ME.

    Verisgn: I said most. Not all.
    Last edited by traud; 2005-10-06 at 22:00.

Similar Threads

  1. How to make a private key and self signed certificate
    By arun_sl in forum Symbian Tools & SDKs
    Replies: 15
    Last Post: 2011-11-23, 13:18
  2. Signing midlets with Verisign certificate for Nokia 6600
    By rmellado in forum Mobile Java General
    Replies: 0
    Last Post: 2004-07-02, 10:36
  3. How do I generate my own content certificate for a 7650
    By jbb1003 in forum Symbian Networking & Messaging (Closed)
    Replies: 1
    Last Post: 2002-12-05, 12:13
  4. Please help implementing WTLS
    By Nokia_Archived in forum WAP Servers
    Replies: 1
    Last Post: 2002-05-20, 13:27

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×