Is PIPS & SSL required signing separately for signing an application?

[jupitar]

Hi,

My application, packages SSL & PIPS1.2 both in the pkg file. So I want to know whether is it require to do the separate sigining for PIPS & SSL as well?

-Jupitar

[wizard_hu_]

Those files are signed already.

[jupitar]

Thanks wizard_hu_ for the reply.

Can you also let me know, how do u make sure that these sis files are already signed. ANy link in this regard will be very helpful.

[wizard_hu_]

It is pretty obvious that if you can install a .sis/x file on the device, it is signed.
Otherwise signsis -o can tell you about signatures:

Code:

C:\Work\SymbianCPP\HelloWorld\sis>signsis -o HelloWorld.sis
No primary signatures.

C:\Work\SymbianCPP\HelloWorld\sis>signsis -o HelloWorld.sisx

Primary:
Issued by Wizard.
Issued to AUT.
Valid from 17/03/2008 to 17/03/2009.

C:\Work\SymbianCPP\HelloWorld\sis>

[jupitar]

Thanx wizard_hu_

[jupitar]

hi wizard_hu_

signsis -o is for checking any certificate attached to sis file, if it is. Correct me if i am wrong.

I checked with helloworld and my generated keys and password and the result was as

C:\S60Ex\helloworldbasic\sis>signsis -o signsi.sis

Primary:
Issued by Joe Bloggs.
Issued to Development.
Valid from 11/08/2008 to 11/08/2009.


So my question(confirmation) is about PIPS & SSL. PIPS seems fine because one of its signature says the word "ACS". But in case of SSL.sis, i didnt find any ACS word.

Here is the certificate signature from SSL:

Primary:

Embedded:
Issued by Nokia Online CA.
Issued to Nokia.
Valid from 14/03/2008 to 14/03/2013.
Issued by Nokia Content Signing CA.
Issued to Nokia.
Valid from 22/10/2007 to 20/10/2012.
Issued by Nokia Online CA.
Issued to Nokia.
Valid from 14/03/2008 to 14/03/2013.
Issued by Nokia Content Signing CA.
Issued to Nokia.
Valid from 22/10/2007 to 20/10/2012.

Embedded:
Issued by Nokia Online CA.
Issued to Nokia.
Valid from 14/03/2008 to 14/03/2013.
Issued by Nokia Content Signing CA.
Issued to Nokia.
Valid from 22/10/2007 to 20/10/2012.
Issued by Nokia Online CA.
Issued to Nokia.
Valid from 14/03/2008 to 14/03/2013.
Issued by Nokia Content Signing CA.
Issued to Nokia.
Valid from 22/10/2007 to 20/10/2012.
Issued by Nokia Online CA.
Issued to Nokia.
Valid from 14/03/2008 to 14/03/2013.
Issued by Nokia Content Signing CA.
Issued to Nokia.
Valid from 22/10/2007 to 20/10/2012.

So how do i confirm that it is symbian signed

[ltomuta]

The SIS files are signed with a valid certificate and the root certificate that is used to validate it is available on the device. Bottom line, the SIS file can be installed on the phone without limitations and no further certification is required.

Looking at it from another angle: you only sign binaries that you build and let the developers of other 3rd party components worry about the deployment of the binaries they release.