Please note that as of October 24, 2014, the Nokia Developer Wiki will no longer be accepting user contributions, including new entries, edits and comments, as we begin transitioning to our new home, in the Windows Phone Development Wiki. We plan to move over the majority of the existing entries over the next few weeks. Thanks for all your past and future contributions.
Signing process in Java ME
Java Verified™ Program is a standards-based application testing and signing program accepted by multiple operators and device manufacturers for third party applications.
Private and Public Key the Basics:
• Private key is used to sign the application
• Public key is used to verify that the signature is authentic
• Embedded in the phone by the manufacturer
• “Root certificate”
after signing the JAD file
• Does the device have the corresponding root certificate?
Is the information correct?
No: Installation fails
Yes: Installation succeeds
Digital Signatures and Domains
• Access restrictions in Java™ Platform, Micro Edition (Java ME platform) fall into domains
• A signed application installs to the domain which has the corresponding root certificate in the device
• The access restrictions on APIs and permission types vary between domains
Unidentified 3rd party
Identified 3rd party
• Not allowed
• Ask every time
• Ask first time
• Always allowed
MIDP 2.0—Network Access
• Unidentified third-party protection domain: = Application is not signed
• Not allowed, Ask every time, Ask first time
• Identified third-party protection domain: = Java Verified Program signed application
• Not allowed, Ask every time, Ask first time, Always allowed
Signing in Java Verified Program
• Done after the application has passed the testing
• GeoTrust CA for UTI
• The application cannot be altered
• Application is installed to the Identified third-party protection domain of the device
• Better user experience:
• The application is trusted by the device, no installation errors
• The user has more options to control the application behaviour
• Access to certain APIs
• The test criteria has the main considerations for mobile applications
• Use it at the application specification phase
• Use it at the application acceptance testing phase
• The criteria can easily be integrated as part of your application development process
Make sure the application works:
• Use it yourself!
• Get an independent test done (not by the coder)
• Exploit the available information
• Your operator/carriers and manufacturers developer program and tools they may provide
'Why the Application Does Not''''Install?
• No “GeoTrust CA for UTI” in the certificate store, remove from JAD:
• “MIDlet-” in Java Application Descriptor (JAD) file = “MIDlet-” in Java Archive (JAR) file manifest
• Exceptions: MIDlet-Jar-Size and MIDlet-Jar-URL
• MIDlet-Permissions are correct?
• Date and Time settings on the device must match the certificate validity period