×
Namespaces

Variants
Actions
(Difference between revisions)

Verisign signing - Java ME

From Nokia Developer Wiki
Jump to: navigation, search
senthil_k (Talk | contribs)
(New page: Inorder for a commercial application which requires access to some specific APIs like JSR 75,JSR 205, JSR 135 etc requires the application to be signed by a professional certificate from t...)
 
hamishwillee (Talk | contribs)
m (Hamishwillee - Fix categories)
 
(11 intermediate revisions by 6 users not shown)
Line 1: Line 1:
Inorder for a commercial application which requires access to some specific APIs like JSR 75,JSR 205, JSR 135 etc requires the application to be signed by a professional certificate from third party certificate providers like Verisign or Thawte. Before buying out any certificate from these third parties, you have to make sure that the target phone's of your device supports these certificate. You can check it in the settings session of the target Mobile device.
+
[[Category:Signing and Certification on Java ME]][[Category:How To]]
 +
{{ArticleMetaData <!-- v1.1 -->
 +
|sourcecode= <!-- Link to example source code e.g. [[Media:The Code Example ZIP.zip]] -->
 +
|installfile= <!-- Link to installation file (e.g. [[Media:The Installation File.sis]]) -->
 +
|devices= <!-- Devices tested against - e.g. ''devices=Nokia 6131 NFC, Nokia C7-00'') -->
 +
|sdk= <!-- SDK(s) built and tested against (e.g. [http://linktosdkdownload/ Qt SDK 1.1.4]) -->
 +
|platform= <!-- Compatible platforms - e.g. Symbian^1 and later, Qt 4.6 and later -->
 +
|devicecompatability= <!-- Compatible devices e.g.: All* (must have internal GPS) -->
 +
|dependencies= <!-- Any other/external dependencies e.g.: Google Maps Api v1.0 -->
 +
|signing= <!-- Signing requirements - empty or one of: Self-Signed, DevCert, Manufacturer -->
 +
|capabilities= <!-- Capabilities required by the article/code example (e.g. Location, NetworkServices. -->
 +
|language= <!-- Language category code for non-English topics - e.g. Lang-Chinese -->
 +
|translated-by= <!-- [[User:XXXX]] -->
 +
|translated-from-title= <!-- Title only -->
 +
|translated-from-id= <!-- Id of translated revision -->
 +
|review-by= <!-- After re-review: [[User:username]] -->
 +
|review-timestamp= <!-- After re-review: YYYYMMDD -->
 +
|update-by= <!-- After significant update: [[User:username]]-->
 +
|update-timestamp= <!-- After significant update: YYYYMMDD -->
 +
|creationdate= 20080129
 +
|author= [[User:Senthil k]]
 +
}}
  
I also came across this requiremnt of signing the application. For this I had gone for verisgn certificate & here is the procedure on how to get a Verisign certificate & Test your application
 
  
Step 1:
+
A commercial application which requires access to some specific APIs like JSR 75, JSR 205, JSR 135 etc. benefits from getting signed with a commercial certificate from third party certificate providers like [http://www.verisign.com VeriSign] or [http://www.thawte.com Thawte]. Before buying any certificate from these third parties, you have to make sure that the target phone's of your device has the corresponding root certificate installed and set to allow MIDlet signing. You can check this from the settings of the target mobile device.
you should have the latest JDK installed in the system.
+
  
Step 2:
+
The following paragraphs contain the description of the process and steps required to get a certificate from VeriSign and to sign & test you MIDlet.
  
 +
==Getting the certificate==
 +
 +
===Step 1===
 +
Make sure, you have the latest JDK installed on your computer.
 +
 +
===Step 2===
 
Create a keystore
 
Create a keystore
  
 
You have to generate a public/private key pair, for this enter the following command, specifying a name for your keystore and an alias as well.
 
You have to generate a public/private key pair, for this enter the following command, specifying a name for your keystore and an alias as well.
  
 +
<code>
 
C:\jdk1.3\bin\keytool -genkey -keyalg rsa -keystore <keystore_filename> -alias <alias_name>
 
C:\jdk1.3\bin\keytool -genkey -keyalg rsa -keystore <keystore_filename> -alias <alias_name>
 +
</code>
  
 
Keytool prompts you to enter a password for your keystore, your name, organization, and address.
 
Keytool prompts you to enter a password for your keystore, your name, organization, and address.
 
The public/private key pair generated by keytool is saved to your keystore and will be used to sign J2ME applications. This key is never sent to VeriSign and is required to sign code. So you should make a copy of the public/private key pair and store it in a safe deposit box or other secure location. If the key is lost or stolen, contact VeriSign immediately to have it revoked.
 
The public/private key pair generated by keytool is saved to your keystore and will be used to sign J2ME applications. This key is never sent to VeriSign and is required to sign code. So you should make a copy of the public/private key pair and store it in a safe deposit box or other secure location. If the key is lost or stolen, contact VeriSign immediately to have it revoked.
  
Step 3:
+
===Step 3===
  
 
Create a CSR
 
Create a CSR
Line 28: Line 55:
  
 
2. Begin the enrollment process for a Code Signing ID from the products and services section of the VeriSign Web site.
 
2. Begin the enrollment process for a Code Signing ID from the products and services section of the VeriSign Web site.
 +
 
3. Copy the contents of the CSR and paste them directly into the VeriSign enrollment form. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
 
3. Copy the contents of the CSR and paste them directly into the VeriSign enrollment form. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
  
This is the end of requesting the certificates from Verisign.
+
This is the end of requesting the certificates from VeriSign.
  
Now Comes the signing part:
+
==Signing the MIDlet==
  
Step 1:
+
===Step 1===
  
After verisign has verified your request, they will send an email with the digital id attached.
+
After VeriSign has verified your request, they will send an email with the digital id attached.
 
You have to import it to the keystore.
 
You have to import it to the keystore.
  
 
To import your Sun Java Signing Code Signing Digital ID into your keystore, enter the following code with the path correct name for your file (for example, "cert.cer") to your Code Signing Digital ID.
 
To import your Sun Java Signing Code Signing Digital ID into your keystore, enter the following code with the path correct name for your file (for example, "cert.cer") to your Code Signing Digital ID.
  
 +
<code>
 
C:\jdk1.3\bin\keytool -import -trustcacerts -keystore <keystore_filename> -alias <alias_name> -file cert.cer
 
C:\jdk1.3\bin\keytool -import -trustcacerts -keystore <keystore_filename> -alias <alias_name> -file cert.cer
 +
</code>
  
Step 2:
+
===Step 2===
  
 
Now sign the application by the two command prompt
 
Now sign the application by the two command prompt
  
 +
<code>
 
java -jar JadTool.jar [ -addcert -alias keyAlias [ -keystore keystore ] [ -storepass password ]  -inputjad inputJadFile -outputjad outputJadFile ]
 
java -jar JadTool.jar [ -addcert -alias keyAlias [ -keystore keystore ] [ -storepass password ]  -inputjad inputJadFile -outputjad outputJadFile ]
 +
</code>
  
java -jar JadTool.jar [ -addjarsig [ -jarfile jarFile ] -alias keyAlias [ -keystore keystore ]   -storepass password -keypass keyPassword    -inputjad inputJadFile -outputjad outputJadFile ]
+
<code>
 
+
java -jar JadTool.jar [ -addjarsig [ -jarfile jarFile ] -alias keyAlias [ -keystore keystore ] -storepass password -keypass keyPassword    -inputjad inputJadFile -outputjad outputJadFile ]
For all the signing steps Courtesy:
+
</code>
  
[http://www.verisign.com/support/code-signing-support/code-signing/digital-id.html Verisign]
+
For all the signing steps, Courtesy:
  
[http://java.sun.com/javame/reference/docs/sjwc-2.0-web/docs/ToolsGuide-html/jadtool.html#50556936_22809 Sun Signing]
+
* [https://knowledge.verisign.com/support/code-signing-support/index?page=content&id=AR185 VeriSign]
  
[[Category:Java]]
+
* [http://download.oracle.com/javame/config/cldc/cldc-opt-impl/sjwc-2.0-web/docs/ToolsGuide-html/jadtool.html#50556936_22809 Sun Signing]

Latest revision as of 05:47, 25 July 2013

Article Metadata
Article
Created: senthil_k (29 Jan 2008)
Last edited: hamishwillee (25 Jul 2013)


A commercial application which requires access to some specific APIs like JSR 75, JSR 205, JSR 135 etc. benefits from getting signed with a commercial certificate from third party certificate providers like VeriSign or Thawte. Before buying any certificate from these third parties, you have to make sure that the target phone's of your device has the corresponding root certificate installed and set to allow MIDlet signing. You can check this from the settings of the target mobile device.

The following paragraphs contain the description of the process and steps required to get a certificate from VeriSign and to sign & test you MIDlet.

Contents

[edit] Getting the certificate

[edit] Step 1

Make sure, you have the latest JDK installed on your computer.

[edit] Step 2

Create a keystore

You have to generate a public/private key pair, for this enter the following command, specifying a name for your keystore and an alias as well.

C:\jdk1.3\bin\keytool -genkey -keyalg rsa -keystore <keystore_filename> -alias <alias_name>

Keytool prompts you to enter a password for your keystore, your name, organization, and address. The public/private key pair generated by keytool is saved to your keystore and will be used to sign J2ME applications. This key is never sent to VeriSign and is required to sign code. So you should make a copy of the public/private key pair and store it in a safe deposit box or other secure location. If the key is lost or stolen, contact VeriSign immediately to have it revoked.

[edit] Step 3

Create a CSR

You need to generate a Certificate Signing Request (CSR) for the enrollment process.

1. The following command requests Keytool to create a CSR for the key pair in the keystore:

 C:\jdk1.3\bin\keytool -certreq -file certreq.csr -keystore <keystore_filename> -alias <alias_name>

2. Begin the enrollment process for a Code Signing ID from the products and services section of the VeriSign Web site.

3. Copy the contents of the CSR and paste them directly into the VeriSign enrollment form. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).

This is the end of requesting the certificates from VeriSign.

[edit] Signing the MIDlet

[edit] Step 1

After VeriSign has verified your request, they will send an email with the digital id attached. You have to import it to the keystore.

To import your Sun Java Signing Code Signing Digital ID into your keystore, enter the following code with the path correct name for your file (for example, "cert.cer") to your Code Signing Digital ID.

C:\jdk1.3\bin\keytool -import -trustcacerts -keystore <keystore_filename> -alias <alias_name> -file cert.cer

[edit] Step 2

Now sign the application by the two command prompt

java -jar JadTool.jar [ -addcert -alias keyAlias [ -keystore keystore ] [ -storepass password ]   -inputjad inputJadFile -outputjad outputJadFile ]
java -jar JadTool.jar [ -addjarsig [ -jarfile jarFile ] -alias keyAlias [ -keystore keystore ]  -storepass password -keypass keyPassword    -inputjad inputJadFile -outputjad outputJadFile ]

For all the signing steps, Courtesy:

This page was last modified on 25 July 2013, at 05:47.
274 page views in the last 30 days.

Was this page helpful?

Your feedback about this content is important. Let us know what you think.

 

Thank you!

We appreciate your feedback.

×