-
Module Signing
Hi all,
I am planning a Symbian 9.x application, which needs access to the telephony functions. In this case the sis file must be Symbian Signed.
My idea is to write a small exe application, which handles all actions that need Symbian signing. A second app will be delivered as the user interface, which needs no signing.
Both programs will communicate asynchronously over processes (client/server).
So I can change the GUI of the client app and can deliver this app to use telephony functions without new signing processes.
Is that right? Can small exe programs without a GUI (like an API) be Symbian Signed?
I think so, because the EXE-Start-On-Boot-Api is Symbian Signed and this application is only an API.
The unsigned client GUI will depend on its own Symbian Signed telephony API. Both will be delivered in one sis file (embedded sis).
Thanks for your answers...
-
Re: Module Signing
That should work.
A .sis file can be signed with a self-signed certificate and contain other .sis files that are signed with Symbian Signed (and require high-level capabilities).
Antony
-
Re: Module Signing
In theory it would work; in practice I think it would be failed, as the intention is to bypass Symbian Signed and leak capabilities. You would also be signing up to some pretty heavy legal implications for what you want to do, and there is no way you could prevent others misusing your application.
Effectively you are introducing a security hole into the system which others could exploit.
Are you sure you need to get Symbian Signed anyway? The telephony APIs for the most part require user-granted capabilities anyway.
What is this "start on boot api" you are talking about? I think this is a 2nd edition API and not a 3rd edition one.
-
Re: Module Signing
Thx for the fast answers...
In this case I think that every Symbian Signed EXE (implemented as server) is a security hole, isn't it?
Yes, the start on boot API is for S60 2nd edition, but the filename contains Symbian Signed: exestartonboot_s60v2_0_SymbianSigned.SIS
Thx again...
-
Re: Module Signing
No, because the servers police their own capabilities by checking the capabilities of the calling process via SecureId, Vendor Id and HasCapability. All (OK, most) servers should be derived from CPolicyServer.
Let's say you wanted to allow anyone to copy DRM protected tracks, so your server installation was signed with DRM capability. You would need to ensure that only clients connecting had DRM capability to prevent any application hijacking your server.
So you could say, well, I will check the SID and make sure only my SID can call the functions. The problem is that the SID you have chosen would be in the unprotected range and thus subject to spoofing, so for example I could create an application with the same SID and hijack your executable to strip files of their DRM content locks.
In 2.x signing was there to verify that you had an untampered sis file, there was no capability model.
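Added illustration, not part of the post above and not Symbian SDK code: a simplified C++ model of the checks this reply describes, showing why a SID match in the unprotected range admits an impostor while a capability check rejects both the impostor and the unsigned GUI. All type and function names, the SIDs and the capability list are constructed, and the 0x80000000 boundary for the unprotected range is an assumption of the model.

```cpp
// Simplified model of the checks discussed above; not Symbian SDK code.
#include <cstdint>
#include <cstdio>
#include <set>

enum Capability { NetworkServices, ReadUserData, DRM };

struct Client {                    // hypothetical stand-in for a calling process
    uint32_t sid;                  // Secure ID the executable claims
    std::set<Capability> caps;     // capabilities its package was signed for
};

// Model assumption: SIDs from 0x80000000 upward are in the unprotected range
// and can be claimed by any self-signed package.
bool sidIsProtected(uint32_t sid) { return sid < 0x80000000u; }

// Weak policy: identify the client by SID alone.
bool sidOnlyPolicy(const Client& c, uint32_t expected) { return c.sid == expected; }

// Stricter SID policy: a match counts only if nobody else can claim that SID.
bool protectedSidPolicy(const Client& c, uint32_t expected) {
    return sidIsProtected(expected) && c.sid == expected;
}

// Capability policy: the caller must hold what the server does on its behalf.
bool capabilityPolicy(const Client& c, Capability needed) {
    return c.caps.count(needed) != 0;
}

// Constructed sample values.
const uint32_t kGuiSid = 0xA0001234u;                          // unprotected range
Client unsignedGui()  { return {kGuiSid, {}}; }                // GUI without capabilities
Client impostor()     { return {kGuiSid, {NetworkServices}}; } // reuses the same SID
Client signedClient() { return {0x20001234u, {DRM}}; }         // signed for DRM

int main() {
    std::printf("SID-only:   gui=%d impostor=%d\n",
                sidOnlyPolicy(unsignedGui(), kGuiSid), sidOnlyPolicy(impostor(), kGuiSid));
    std::printf("capability: gui=%d impostor=%d signed=%d\n",
                capabilityPolicy(unsignedGui(), DRM), capabilityPolicy(impostor(), DRM),
                capabilityPolicy(signedClient(), DRM));
    return 0;
}
```

In the model, the SID-only check cannot tell the GUI from the impostor, and the capability check admits only the client that was itself signed for the capability.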
-
Re: Module Signing
hmmm ok,
that makes sense...
thank you
-
Re: Module Signing
As I said, you will probably find the capabilities you need are user grantable anyway, meaning you will need to be signed.