Discussion Board

Results 1 to 7 of 7
  1. #1
    Registered User
    Join Date
    Oct 2003

    Sign MIDlet...The right steps

    Hi all, i read a lot of messages about signing of midlets
    Now i need to sign my midlet, so I try to explain what i have understand and Id like if u can help me where im wrong

    A) Create keystore
    keytool -genkey -alias [SignedMidlet] -keyalg RSA -keystore midlet.sks
    Here we have to add info about us: Name, Company, etc
    [midlet.sks will be created]

    B) Create certificate req:
    keytool -certreq -alias [SignedMidlet] -keystore midlet.sks -file request.csr
    Now we have to send request.csr for purchase a code-signing certificate from a CA (named for example CERT_FILE)

    C) Certificate returned from CA can be imported:
    keytool -import -file [CERT_FILE] -alias [SignedMidlet] -keystore midlet.sks

    Now with SUN Wireless toolkit we can do:
    Run Utilities from start menu -> Sign Midlet -> Import Key Pair -> Select 'midlet.sks'

    Finally we can do:
    Run Utilities from start menu -> Sign Midlet -> Sign MIDlet Suite -> Select out JAD

    If I understand well, this will work...
    In your opinion, is ok?

    About CA:
    We have to buy only Code-Signing certificate
    Verisign or Thawte?
    I need that application will:
    Send SMS, Read into file system, Accept SMS-Push, Autostart, Camera control and gprs connection
    And i need that after install the midlet no question will be for user and no special config will be done into user-phone

    Sun Java Signing Digital ID
    Used with the Signing tools part of the Sun Java SDK, this certificate is used for generating digital signatures for Java Archive (JAR) files: Java applets, midlets and other Java applications that may be deployed stand-alone or in the IE or Netscape browsers.
    1-Year$ $ 499

    Certificato Sviluppatore JavaSoft
    Questi certificati possono essere utilizzati con JavaSoft's JDK 1.3 e successivo per firmare applets.
    Sorry but web page translate all in italian, anyway here no talk about midlets...only about applets
    Is the same?
    1-Year$ $ 199.00

    My question is:
    1) When you sign any midlet, you use Thawte or Verisign (the price is really different)?
    2) What problems i will meet using Verisign or Thawte ?
    3) All permission i need, will work using Verisign or Thawte?

    Thanks for info and I hope this post will help other too


  2. #2
    Registered User
    Join Date
    Mar 2003
    1) Thawte and VeriSign (because some models have only one of them)
    2) A lot or none. Depends on your luck.
    3) Nobody can tell this for sure, actually, I think many of your permissions will not be granted even in 3rd party domain, especially the SMS permissions. I recommend to play with the Platform SDKs which are quite correct and give you the maximum possible permissions in the 3rd party domain. However, operators may have changed the permissions to lower ones and/or require to use their certificate authority. Some devices have obscure permissions as well. Have a search on this forum, no one is able to answer this question in general.

  3. #3
    Super Contributor
    Join Date
    Dec 2005

    Re: Sign MIDlet...The right steps

    hi Matteo,

    as traud mentioned in #3: signing midlet/app with cert does not mean that no user permission will be required because default settings for most apis are "session" not "blanket" as you presumed, so even if application is signed with 3rd party cert you need to explain user that she need to change suite security settings using application manager to not be asked at least once for permissions,
    sms cannot be sent without user consent at all with 3rd party certs - we have such thread on forum somewhere about that specific api (WMAPI) topic,


  4. #4
    Registered User
    Join Date
    Oct 2005

    Re: Sign MIDlet...The right steps

    aku, ipul, hermanI already follow te right steps, but it cidn't help me.
    I still get "Installation security error. Unable to Install".
    This is my JAD :

    MIDlet-1: Barablu,b_icon.png,main.Barablu
    MIDlet-Jar-Size: 213810
    MIDlet-Jar-URL: Barablu_208x208_Nokia_6230i_v.2.5_build_009.jar
    MIDlet-Name: Barablu
    MIDlet-Permissions-Opt: javax.microedition.io.Connector.socket, javax.microedition.io.Connector.file.write, javax.microedition.io.Connector.file.read
    MIDlet-Vendor: Barablu
    MIDlet-Version: 2.5
    MicroEdition-Configuration: CLDC-1.1
    MicroEdition-Profile: MIDP-2.0


    MIDlet-Certificate-1-2: MIIEvzCCBCigAwIBAgIQQZGhWjl4389JZWY4HUx1wjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNzE2MDAwMDAwWhcNMTQwNzE1MjM1OTU5WjCBtDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNDEuMCwGA1UEAxMlVmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAwNCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL687rx+74Pr4DdP+wMQOL4I0ox9nfqSfxkMwmvuQlKM3tMcSBMl6sFjevlRZe7Tqjv18JScK/vyZtQk2vf1n24ZOTa80KN2CB4iJyRsOJEn4oRJrhuKof0lgiwQMOhxqyjod0pR8ezN+PBU1G/A420Kj9nYZI1jsi1OJ/aFDv5t4ymZ4oVHfC2Gf+hXj61nwjMykRMg/


    MIDlet-Jar-RSA-SHA1: Gm4pQJ/3LSltfbEG6AOamnhJgvbyCD7ExcHeA10QhhRs4ih+K3312+G5g+PsokAeeRlIvDGtITul/

    I only signed the JAD.
    I get the certificate from Verisign.

    I really appreciate everything that can help me

    Thank you very much

    Mikael Eko

  5. #5
    Registered User
    Join Date
    Mar 2003
    Make sure you have set the date/time correctly on your phone, not deleted the VeriSign root certificate in the phone and then please post your full JAD within a code tag. I have not looked very much at yours, however, your MIDlet-Certificate are far too short to be true. I cannot make valid certificates out of them. Furthermore, I recommend to leave out MIDlet-Certificate-1-3 for a Nokia Series 40…

  6. #6
    Registered User
    Join Date
    Sep 2008

    Re: Sign MIDlet...The right steps

    Maybe I can help you:

    I need to sign my midlet for allways allow connectivity, network access, read user data, write user data, etc...

    But I was no sure if a Third Trusted Party Certificate allows my to do that.

    So I download a file browser for the phone (in my case Y-Browser for s60 3rd), open

    you cann't modify the file but you can check what permission will you have with certain certificates.

  7. #7
    Registered User
    Join Date
    Dec 2009

    Re: Sign MIDlet...The right steps

    I've found new service to sign midlet with a correct root certificate. http://j2start.com
    What do you think? Does it work? It's cheap enough and they give one try for free.

Similar Threads

  1. Steps To Build A Java Bluetooth Midlet For Free
    By Mombasstic in forum Bluetooth Technology
    Replies: 5
    Last Post: 2007-10-18, 09:54
  2. Unable to Sign MIDlet with J2mePolish1.3-Beta3
    By kksidhu2002 in forum Mobile Java General
    Replies: 2
    Last Post: 2006-09-17, 01:58
  3. how to sign a midlet for testing purpose
    By PriyankaChaurishia123 in forum Mobile Java Tools & SDKs
    Replies: 4
    Last Post: 2006-02-21, 15:45
  4. Can you ever sign a midlet and let it work on 6600?
    By drew999 in forum Mobile Java General
    Replies: 4
    Last Post: 2004-06-18, 11:33
  5. MIDP 2.0: How do I sign a midlet?
    By jimmichr in forum Mobile Java General
    Replies: 0
    Last Post: 2003-12-10, 17:29

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts