Revision as of 01:44, 9 July 2008 by hartti (Talk | contribs)

Java ME signing for dummies

From Nokia Developer Wiki
Jump to: navigation, search

So your MIDlet causes too many confirmation dialogs? Someone suggested signing for you? You are in the right place....

Want a theoretic overview of Java ME security policy? No? Read on then for more down-to-earth story.

What certificates to use? Mostly the answer is VeriSign, Thawte, or Java Verified. (but note that they cost money and that Java Verified is in fact a certification and testing program).

Yes, when you buy a certificate (usually for a certain duration of time - 1 or 2 years) you can use that certificate for signing for the duration of the certificate. You can install MIDlets on the phone even after that period, granted that the corresponding root certificate is still valid - which they should be until sometime in 2020...

What are the steps for signing? Check these step-by-step instructions to sign with a VeriSign certificate. After signing the JAD file should be a little fatter (with RSA-SHA and Certificate chain attributes) whereas there are no changes for the JAR.

No, you cannot install an additional certificate for MIDlet signing on your phone. It does not matter if you created the certificate yourself or if got some root certificate from a trusted CA. (ok, ok, there is a bug on S60 2nd Edition devices which makes this possible...) And please, direct your complaints to MIDP specification group.

What? You deleted a code signing certificate from your phone? No way to revert that. See above.

Made changes to your MIDlet after signing? Seriously, no problem. Just sign the MIDlet again. (Of course if you got the signature from Java Verified after passing the tests, you need to go through the testing again and pay for the additional testing round.)

189 page views in the last 30 days.

Was this page helpful?

Your feedback about this content is important. Let us know what you think.


Thank you!

We appreciate your feedback.