You Are Here:

Community: Wiki

This page was last modified on 6 September 2009, at 20:22.

How to guide for creating/signing sis files

From Forum Nokia Wiki

(Redirected from Certificates and their uses)
Reviewer Approved   

This article explains about creating and signing .sis files. It applies to Symbian OS 9 (or newer) and S60 3rd Edition (or newer). For earlier Symbian OS or S60, signing is not mandatory.

Contents

Creating .sis files

A .sis file is created from .pkg file using makesis tool, a standalone command line tool. For example: 

makesis myapp.pkg

The command above creates myapp.sis from myapp.pkg.

In case of your PKG-file was generated by Carbide.c++, you will get error, something like this: 

Error : Cannot find file $(EPOCROOT)Epoc32\release\$(PLATFORM)\$(TARGET)...

To avoid this error, you should replace macroses $(EPOCROOT), $(PLATFORM), $(TARGET) with the real pathes to the files.


Signing .sis files

Signing a .sis file can be done using signsis tool. For example: 

signsis myapp.sis myapp.sisx mycert.cer mykey.key

The example above signs myapp.sis into myapp.sisx using the certificate of mycert.cer and the private key of mykey.key.

Note that some developers give the extension of .sisx for signed file. However, it does not mean that .sis is always unsigned file. There are many .sis file that is signed.

There are several certificates that can be used for signing, i.e.:

  • Self-signed certificate
  • Developer certificate
  • Symbian Signed certificate


Self-signed certificates

An application can be signed using self-signed certificate if it does not require any capabilities that cannot be granted by the users. Technically, it means the application does not require any capability or require one (or more) of the following capabilities:

  • LocalServices
  • Location (starting with S60 3rd Edition FP2)
  • NetworkServices
  • UserEnvironment
  • ReadUserData
  • WriteUSerData

Self-signed certificate is generated by the developer and as such it cannot be trusted by the device. During installation, the users will be prompted a warning dialog saying that the application is not trusted.

This type of certificate can be used for signing commercial releases of the applications.

Developer certificate

An application has to be signed with developer certificate if it requires more than the basic capabilities above. Developer certificate is used in the testing and development phase to be able to test the application on a real device. The reason is because the certificate is bound to the IMEI. An application signed with this certificate can only be installed on a device whose IMEI is supported by the certificate.

One way to apply for developer certificate is via Symbian Signed. Some phone manufacturers may have their own developer certificates as well.

This type of certificate cannot be used for signing commercial releases of the applications.


Symbian Signed certification

Symbian Signed certification is mandatory for the application that requires extended of set capabilities, i.e. capabilities that cannot be granted by the users during installation. It is intended for public distribution, not for development. Unlike developer certificate, an application signed with this certificate can be installed on any compatible device. There is not IMEI limitation.

There are a number of requirements that have to be fulfilled to get certification. Symbian Signed performs a set of test case to the application before it can be signed with Symbian Signed certificate. The Symbian Signed certification process costs a few hundred Euros. Please check the latest requirements and cost of getting certification from Symbian Signed web site.

Note: Self-signed application does not need to go to Symbian Signed certificate. It can go through Symbian Signed if developers want to eliminate the warning dialog during installation.


Which certificate to use?

The picture below shows how to choose which certificate to use.

Image:choosing_certificate.png

  • The first question that needs to be answered is whether the signing is for development or production.
  • If it is for development, it can be self-signed certificate or developer certificate depending on the required capabilities. Note that, developer certificate can be used in both cases.
  • If it is for production, an application normally goes to Symbian Signed. The exception is when the developer does not mind distributing it as untrusted application. In which case, self-signed certificate can be used.


Batch file for creating and signing sis file

When using command line a good is to create batch file Once you have the certificate and the key file ready for your application use the following batch file to create and sign the sis file. 

makesis mypkg.pkg myappunsigned.sis
signsis -v myappunsigned.SIS myapp.sis appcertificate.cer appkey.key mypass
  • Just copy the above two lines in notepad and name the file as sign.bat
  • Copy this file in your SIS folder and whenever you need to sign just type sign.bat from the command prompt.

Internal links

External links

Retrieved from "http://wiki.forum.nokia.com/index.php/How_to_guide_for_creating/signing_sis_files"

Related Wiki Articles

Rate This

 
Bookmark this page: DeliciousDiggFacebookGoogleYahooStumbleUponRedditDiigoTechnocratiTwitter  Share this page Share this page Print this Page Print this page Invite a friend Invite a friend
京ICP备05048969号    Email Newsletters Press Terms & Conditions Privacy Policy Sitemap Contact Us © 2009 Nokia 
User Rating: qfnZuserE5FratingQNx4E2E0000X