Revision as of 13:18, 24 November 2011 by aaumala (Talk | contribs)

Archived:User guide: Symbian Signed

From Nokia Developer Wiki
Jump to: navigation, search
Article Metadata
Platform(s): Symbian
Created: aaumala ()
Reviewed: hamishwillee (23 Sep 2011)
Last edited: aaumala (24 Nov 2011)


1. Overview

Symbian Signed is a testing and signing program run by Nokia.

Please find the test criteria here

Symbian Signed supported devices table can be found here

The Symbian Signed service allows you to:

  1. Register UIDs
  2. Sign your Symbian OS application with a test certificate so that you can test it on a live device
  3. Sign your Symbian OS application with a publishing certificate so that you can distribute it to your customer

Please see the chart below for a summary of the services:

Process Symbian Signed account required Publisher ID required Test house testing the application IMEI and UID restriction
Registering UIDs Yes No No No
Development Certificate for less than 10 IMEIs Yes No No Yes
Development Certificate for up to 1000 IMEIs Yes Yes No Yes
Express Signed Yes Yes No No
Certified signed Yes Yes Yes No

The services are mapped based on the Symbian OS Platform Security capabilities. Please see the following chart with the details how the capabilities are mapped per different service.

Symbian Signed Capabilities.jpg

2. Registering to the Symbian Signed service

  • To register you need to have a valid e-mail address. We may have some limitations to which e-mail domains we accept to the service.
  • The company name is read from your Publisher ID when you verify your account. You cannot fill it in earlier.

Taxation issues within the EU

Value Added Tax (VAT) ID and country information is needed for VAT handling whenever you purchase Content IDs for Express Signed. Companies within the European Union should have a VAT ID to provide at the time of purchasing Content IDs. Whether or not VAT is added to your invoice depends on your stated location (Country), and, whether or not you have provided us with your VAT ID. Additionally, when purchasing Content IDs, the VAT Invoice will be sent to you via e-mail, no matter where you are.

Our service is based in Finland. While selling within Finland, we know how much tax to apply for Finnish companies. Other, EU-based, companies can report their 0% taxed purchases locally with the invoices we provide for their VAT ID, as per local law. Then VAT will be locally applied to their derivative products. If there is no VAT ID we will apply the seller local VAT amount - as if the buyer was a end-consumer, not a company producing derivative products. Therefore our VAT handling rules are as follows:

If you have a VAT ID to provide at the time of the purchase, and

  • buying location in Finland VAT = 23% which is included to the price of the purchase
  • buying location in EU VAT = 0%
  • buying location in non-EU VAT = 0%

If you don't have a VAT ID to provide at the time of the purchase:

  • buying location in Finland VAT = 23% which is included to the price of the purchase
  • buying location in EU VAT = 23% which is included to the price of the purchase
  • buying location in non-EU VAT = 0%

For example:

  1. If a company from Finland with a VAT ID is buying 10 Content IDs they will be invoiced 123€.
  2. If a company from China without a VAT ID is buying 10 Content IDs they will be invoiced 100€.
  3. If a company from Germany without a VAT ID is buying 10 Content IDs they will be invoiced 123€.

3. Publisher ID

  • Publisher ID is a certificate used to assure you work for a company and you have the permission to represent that company. The cost of a Publisher ID is 200USD and it is valid for a year. In Symbian Signed the Publisher ID is used to:
    1. Verify your account, i.e., open access to the professional functions of the signing portal.
    2. Sign the applications (SIS files) you submit to Express Signed or Certified Signed.
  • You can apply for a Publisher ID using TC TrustCenter's web page. Chinese developers can use TCT TrustCenter's vetting partner in China, GlobalSign. Please reserve a week to get a Publisher ID.
  • When you have downloaded the Publisher ID to your PC, you can use the tcp12p8.bat to extract it to a key and cer -files which you can use to sign SIS files.
  • For details of applying for the Publisher ID, exporting it to the PC and using the tcp12p8.bat, please read from here:

The following steps are required to acquire and use a Publisher ID.

Before you start

  • You must be part of a company or organisation (publisher IDs are not available to individual developers)
  • You will require documentary proof of the existence of your company or organisation
  • You will need a credit card
  • You should use a corporate email address to register your Symbian Signed account
  • You must use the same computer and browser to apply for and receive your certificate file

Purchase your Publisher ID certificate

Apply for a Publisher ID using TC TrustCenter's web page (http://www.trustcenter.de/en/products/tc_publisher_id_for_symbian.htm). Chinese developers can use TCT TrustCenter's vetting partner in China, GlobalSign (https://cn.globalsign.com/ssl/Symbian_Publisher_ID_ssl.asp).

Click the 'For Developer' button and follow the instructions

  • Enter your Location, State or Province, Country, Organization and Department as you would like them to be put in your certificate. Please also memorize the revocation password.
  • Press Next. The Generate Key Pair page appears. Read the information on the page carefully.
  • Generate a Key Pair: The fields on this page vary between different browsers. Use the default values and press the Generate Key Pair button. Your browser will generate a key pair and then display the Entering Customer Data page.
  • Enter Customer Data: This page is self-explanatory; however you are required to enter information about your company or organisation. You must also enter a revocation password.
  • Press Next.
  • Payment. Enter your credit card details (American Express, Visa or MasterCard)
  • Press Next and wait for an email from TrustCenter. The email will provide you with your Order Number will ask you to send documentation that proves the existence of your company or organization.
  • Send the documents and wait for another email.
  • You will receive email with a link to download your certificate.
  • Click the link and install the certificate into your browser.
  • Now you are ready to export the certificate and save it onto your hard disk (and then back it up on a on a CD or DVD!) Remember the password used during the export process!

Export your certificate from your browser

If you are using Internet Explorer:

  • Open the Tools menu and select Internet Options
  • In the Internet Options dialog select the Content tab and click on the Certificates button
  • In the Certificates dialog open the Personal tab, select the certificate issued by TC TrustCenter and then click the Export button.
  • Please remember to tick the box for exporting the private key and all the keys in the certificate path
  • Follow the wizard and export both public and private key in PKS12 format (*.PFX) file.

If you are using Firefox:

  • Open the Tools menu and select Options...
  • In the Options dialog select the Advanced tab and then Encryption
  • Click the View certificates button
  • In the Certificates Manager dialog select the Your certificates tab, select the certificate issued by TC TrustCenter and then click the Backup... button.
  • Enter a file name and then a password. The file will be saved in the same PKS12 format but the default extension is *.p12
  • Extract the public and private keys from your certificate
  • The following steps assume that your Publisher ID has been saved on your computer as a PKS12 file, named TCTrustCenter.p12. Please adapt the instructions below to the file name you chose when exporting the certificate.

Use the file tcp12p8.bat to create .KEY and .CER files

You can use the tcp12p8 to extract the .KEY and .CER files from the .P12 or .PFX packages.

For example:

TCTrustCenter.p12 mypassword tc.key tc.cer

The resulting pair of certificate (.CER) and private key (.KEY) files are your Publisher ID. They are your company's electronic signature so keep them safe and private. If they are leaked out anyone can pretend to represent your company.

Please remember you cannot just sign your SIS file with a Publisher ID for it to be installed to your phone. Unless your application requires only the following capabilities: LocalServices, ReadUserData, WriteUserData, NetworkServices, UserEnvironment or Location.

Sign your SIS file using this TC TrustCenter certificate using signsis

signsis My.SIS Signed.SIS tc.cer tc.key mypassword

When you have signed your application, you can check that it was signed with correct Publisher ID using the "signsis" tool available with your SDK.

signsis.exe -o –p mysisfile.sis

The output will be similar to the following:

Issued by :TC TrustCenter Class 2 L1 CA III.
Issued to :Symbian Foundation Ltd..
Valid from 30/03/20011 to 30/03/2012

Your SIS file is now ready for Symbian Signed submission. Note that the SIS file cannot be installed until it has been processed by Symbian Signed and returned to you.

4. Verifying the account

Account verification is needed to identify your company and the fact that you have a Publisher ID. Please make sure your account has the Country information, if it is not you cannot verify your account!

The SIS file used to verify the account must not have multiple signatures, so it is recommended to use the provided SIS file. Also, when signing, please don't change the file extension; *.SIS, or *.sisx may result a verification error. The actual file recognition problem has been fixed, but in case any problems occur when using the SIS file we provide, those two should be the first items to check.

SIS verification.png

5. Development Certificates

To request new development certificate, you must request for UIDs of your applications first, if not it does not allow you to request for development certificate, because in the new portal, development certificate associated with application UIDs also.

Add IMEI numbers: There are two ways to add IMEI numbers of the devices on which your application will run:

  1. Enter all your devices IMEI numbers manually.
  2. You can upload all IMEIs stored in .txt files form your local machine.
Add imei.jpg

How to request new UIDs:

Using ManageUIDs tab, you can request for new UIDs, and you will see allocated UIDs for your applicaions from previouse requests.You can edit application names and version numbers of allocated UIDs. There are two types of UIDs:

  1. Protected UIDs
  2. Unprotected UIDs.

What's the difference between "Protected" and "Unprotected range" UIDs?

  • Any UID values less than or equal to 0x7FFFFFFF are classed as "protected" and are only intended for use with signed applications (or those pre-installed in ROM). The software installer will refuse to install an unsigned application if it uses a package UID in the protected range.
  • New UID allocations will start from 0x20000000 for the protected range and from 0xA0000000 for the unprotected range.

Application needs more capabilities?

If you application needs more than system, user capabilities,then you need to request for manfacturer capabilities.you need to request them by using AllFiles,DRM,TCB Tab in the portal. For details about it,you can refer to 8. AllFiles, DRM, TCB & Invitation only chapter of this wiki page.

After all these,Click on Download Certificate tab to download your certificate, key. Then it would display download window to save deveoloper certificate, key local to your machine.


Tip: You can use the updated DevCerList tool to list the contents of your developer certificate in order to verify that it matches your requested capabilities, allocated UIDs and supported device IMEIs.

6. Content ID

Content IDs are signing tokens for the Express Signed service. One application signing event consumes one Content ID. Content IDs are sold via our PayPal seller service; one content ID costs 10 Eur plus VAT.

ContentID 1.png

Click on 'purchase'

ContentID 2.png

Set the amount of Content IDs to purchase. The service will direct you to our PayPal service (seller is Nokia). Complete the purchase on PayPal. You will receive an invoice for your purchase into the e-mail address you have specified in your user account.

7. Express Signed

  1. Login to Symbian Signed and check that your account is verified.
  2. Check that your account has unused Content IDs
  3. Click "Submit app for Signing" and fill in the application details
    Submit app step 01.jpg

  4. Submit for analysis. Analysis will take a few seconds.
    Analysis in progress.jpg

    Check that your account has at least one unused content ID (see the top bar on the screen - here shown 5 content IDs). If you have no Content IDs the Express Signed will not be presented as a signing option.
  5. Once your submission is verified click "Complete Signing".
    App verified.jpg

  6. Select "Express Signed" for the process and click "Next Step" to submit your application for signing.
    Choose process.jpg

  7. After successful submission you'll get your application signed and downloadable from the portal. You will also receive an e-mail with a link to download the signed application.
    Download app express signed.jpg

8. Certified Signed

In this option the test house will test your application and sign it when it has passed the testing. One test round has a cost of 230€.

After your application has been successfully verified you can select the option of “Complete Signing” and through it submit the application to the test house. Please follow the following steps:

A) Please make sure you have provided all the needed data for Sogeti to test your application. For example license to use the application or potential usernames and password.
B) Before submitting you need to accept the Sogeti legal agreement.
C) After you have submitted the application, Sogeti will e-mail you a quotation of the testing cost which you need to approve by replying to the e-mail.

You have two possibilities to pay for this service:
  1. By credit card, the quotation e-mail contains a link to our online shop. This link is specific to your submission and you will access directly to your basket on our online store. There you will have the possibility to choose the service level and to pay with your credit card.
  2. By wire transfer. If you prefer to order a wire transfer, Sogeti High Tech Banking details are listed within the quotation e-mail.

D) When you have paid the test, please provide Sogeti with the proof of payment. For example a scanned copy of your transaction. Only after Sogeti has been paid you can receive the test report and/or the signed application.

If you have failed the testing please assure that you have fixed all the errors and you have not provided any additional errors. Additionally you should consider the fact that each test round has an additional cost.

9. AllFiles, DRM, TCB & Invitation only side of Symbian Signed

  • Main requirements:
    1. A valid and accepted technical justification to use AllFiles, DRM or TCB
    2. Your company is known to us
    3. We have a legal agreement about the capability use
    4. Your application complies with Symbian Signed and additional Nokia criteria
  • For technical reasoning it is advisable to provide as detailed information about your application and the use of the AllFiles, DRM or TCB as possible. If your company is not known to us earlier we may come back to you and ask for more details.
  • After we have accepted your technical reason for using AllFiles, DRM or TCB, we will grant you access to the Development Certificates with the capabilities you have requested. Later we can grant your account access rights to our Invitation only side of Symbian Signed web site allowing you to submit an application to a test house with AllFiles, DRM or TCB.

10. Requesting Waivers

Using waivers is allowed for verified users only. If your account hasn’t been verified yet, please do so before applying for waivers.

Once verified, your dashboard will show you a tab labelled ‘Waivers’. From here you can submit new waiver requests. The requests will be listed by their status, and for each application you have requested them for. After an admin has approved your waiver you can use that with your application submission when submitting to either Express Signed or Certified Signed. The selected test house will see your waiver along with your application information and will act accordingly. Note that the waiver is linked to an application by the UID given on your waiver request. Be sure to give your application UID in the correct format '0x2........'. You can write multiple waivers for one UID, and these waivers can all have different app name defined (e.g. when submitting different language variants of the same application).

Please note that if your application is not associated with a waiver it must then conform to the Symbian Signed (and Nokia test) criteria to the letter – and will be failed in the tests if it doesn’t!

Filling out a waiver

Please take time and care when filling in a waiver request. If it does not include enough information – or clearly enough – it will be rejected and you will need to go through the trouble of re-writing the same request!

You should write out the following:

  • Correct application UID! If you enter a wrong UID the waiver will not be attached to your application.
  • Your application (Functional Description); what the application does and why.
  • The test case your application is not able to pass without this waiver (Failure Description). It is most helpful if you can describe how this test will fail with your application. You can also attach images etc. for clarification.
  • Then the most important part (Functional Justification): why should this application be granted the waiver; what are the technical grounds on which the application will not conform to the test criteria, and thus needs this waiver?
Waiver descr.png
  • Any device manufacturer or network operator contacts (Waiver Sponsors) who can give additional information regarding this application and the special needs (this is an optional tab and can be left empty).

820 page views in the last 30 days.

Was this page helpful?

Your feedback about this content is important. Let us know what you think.


Thank you!

We appreciate your feedback.