×

Discussion Board

Results 1 to 7 of 7

Thread: Module Signing

  1. #1
    Regular Contributor
    Join Date
    Oct 2004
    Location
    Hamburg
    Posts
    58

    Lightbulb Module Signing

    Hi all,

    i am planning a symbian 9.x application, which needs access to the telephony functions. In this case the sis file must be symbian signed.

    My idea is to write a small exe application, which handels all actions that needs symbian signing. A second app will be delivered as the user interface, which needs no signing.

    Both programs will communicate asynchronous over processes (client/server).

    So i can change the gui of the client app and can deliver this app to use telephony functions without new signing processes.

    Is that's right? Can small exe programs without a gui (like an api) be symbian signed?

    I think so, because the EXE-Start-On-Boot-Api is symbian signed and this application is only an api.

    The unsigned client gui will depend on the own symbian signed telephony api. Both will delivered in one sis file (embedded sis).

    Thanks for your answers...

  2. #2
    Super Contributor
    Join Date
    May 2003
    Location
    Vancouver, Canada
    Posts
    985

    Re: Module Signing

    That should work.

    A .sis file can be signed with self-signed certificate and contain other .sis files the are signed with Symbian Signed (and require high-level capabilities).

    Antony

  3. #3
    Super Contributor
    Join Date
    Nov 2004
    Location
    Wiltshire, UK
    Posts
    3,644

    Re: Module Signing

    In theory it would work, in practise I think it would be failed as the intention is to bypass Symbian signed and leak capabilities. You would also be signing up to some pretty heavy legal implications for what you want to do and there is no way you could prevent others misusing your application.

    Effectivly you are introducing a security hole into the system which others could exploit.

    Are you sure you need to get Symbian signed anyway, the telephony API's for the most part require user granted capabilities anyway.

    What is this "start on boot api" you are talking about? I think this is a 2nd edition API and not a 3rd edition one

  4. #4
    Regular Contributor
    Join Date
    Oct 2004
    Location
    Hamburg
    Posts
    58

    Re: Module Signing

    Thx for the fast answers...

    In this case I think that every Symbian Signed EXE (implemented as server) is a security hole, isnt it?

    Yes, the start on boot api is for s60 2nd edition, but the filename contains Symbian Signed: exestartonboot_s60v2_0_SymbianSigned.SIS

    Thx again...

  5. #5
    Super Contributor
    Join Date
    Nov 2004
    Location
    Wiltshire, UK
    Posts
    3,644

    Re: Module Signing

    No, because the servers police their own own capabilities by checking the capabilities of the calling process via SecureId, Vendor Id and HasCapability. All (ok most) servers should be derived from CPolicyServer

    Lets say you wanted to allow anyone to copy DRM protected tracks, so your server installation was signed with DRM capability. You would need to ensure that only clients connecting had DRM capability to prevent any application hijacking your server.

    So you could say, well I will check the SID and make sure only my SID can call the functions. The problem is that the SID you have chosen would be in the unprotected range and thus subject to spoofing so for example I could create an application with the same SID and hijack your executable to strip files of their DRM content locks.

    In 2.x signing was there to verify that you had an untampered sis file, there was no capability model.

  6. #6
    Regular Contributor
    Join Date
    Oct 2004
    Location
    Hamburg
    Posts
    58

    Re: Module Signing

    hmmm ok,

    that makes sense...

    thank you

  7. #7
    Super Contributor
    Join Date
    Nov 2004
    Location
    Wiltshire, UK
    Posts
    3,644

    Re: Module Signing

    As I said, you will probably find the capabilities you need are user grantable anyway meaning you will need to be signed.

Similar Threads

  1. Carbide.j 1.5 and Netbeans 5.5 beta 2
    By ovjo12 in forum Mobile Java Tools & SDKs
    Replies: 5
    Last Post: 2007-06-11, 05:43
  2. Thawte code signing certificates unsupported on Nokia phones?
    By dfun in forum Mobile Java Networking & Messaging & Security
    Replies: 6
    Last Post: 2007-01-11, 02:42
  3. Replies: 2
    Last Post: 2006-10-25, 18:04
  4. Signing problem with 6630 and jad file
    By panwoo in forum Mobile Java General
    Replies: 7
    Last Post: 2005-11-19, 14:57
  5. SMS I/O Control Application via Evaluation Module
    By alokghosh in forum Nokia M2M
    Replies: 2
    Last Post: 2003-06-18, 17:05

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •