Signing with multiple certificates

[drazvan]

Hello everyone,

A client I'm developing an application for has purchased 3 separate certificates for Java Application signing. One is Verisign, the second one is Thawte and the third one is the Symbian ACS certificate (which is not normally used for Java application signing but we noticed that the Nokia 9300 they were using in testing allowed Java installations signed with that cert).

Anyway, we are trying to sign the application with all 3 keys, hoping that the phone will pick a certificate that it recognizes and verify it. I'm signing with Carbide.j 1.5. This is the resulting JAD:


-----------------------------------------------------
MIDlet-1: xxxxxx, /icon.png, xx.xx.xx.xxxxxxxxxxxxxx
MIDlet-Jar-Size: 186279
MIDlet-Jar-URL: xxxx.jar
MIDlet-Name: xxxxxxxxxxxx
MIDlet-Permissions: javax.microedition.io.Connector.file.read, javax.microedition.io.Connector.file.write, javax.microedition.io.Connector.http, javax.microedition.io.Connector.bluetooth.server, javax.microedition.io.Connector.socket, javax.microedition.io.Connector.https
MIDlet-Vendor: XXX xxxxxxxx
MIDlet-Version: 0.70
MicroEdition-Configuration: CLDC-1.1
MicroEdition-Profile: MIDP-2.0
MIDlet-Certificate-1-1: MIIExDCCA6ygAwIBAgIQP7Bd6NRU/ZNFJS/kgPrRDzANBgkqhkiG9w0BAQUFADCBt[...]spWucyhmTifu2+K+7MlgORwa4qTVB4UOz/VRLIgkHAVYFdP2xSdFSG1h07Hfedblmjq
MIDlet-Certificate-1-2: MIIEvzCCBCigAwIBAgIQQZGhWjl4389JZWY4HUx1wjANBgkqhkiG9w0BAQUFADBf[...]4C6BzYCjbFJPkXVViroi8tLqQXWIL2NVfR5UWpVZytk0gcBfXvZ6tQ==
MIDlet-Certificate-2-1: MIIDOzCCAqSgAwIBAgIQR67tFcyxZFS6NJ0v4o/LqDANBgkqhkiG9w0BAQUFADBV[...]dJBufhjxG6ztdl3adRmzwtHGENzeQVbLwMfM59gpbSRCV4uLJO0/HJ+kXA3Q+
MIDlet-Certificate-2-2: MIIDTjCCAregAwIBAgIBCjANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UEBhMCWkEx[...]XV2ZjAe9N+Cii+986IMvx3bnxSimnI3TbB3SOhKPwnOVRks7+YHJOGv7A==
MIDlet-Certificate-2-3: MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkE[...]UZa4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
MIDlet-Certificate-3-1: MIIElzCCA3+gAwIBAgIQbx4GjZlPr2MZIwNmcI1YdDANBgkqhkiG9w0BAQUFADCBt[...]cihn41nf/EBnqRBQgMD/3iveRsexPepFZagb9zbxV/AjYfuqATG1JBbdR1jBl5d
MIDlet-Certificate-3-3: MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAk[...]ufTqj/ZA1k
MIDlet-Jar-RSA-SHA1: g20WU4AaUKAeAMeWruzxu4FmK2KDKYJbp4WMQbxQZp0bwEJiuNjQn1sLuSCC2ie[...]bR+tzNVpI/ZBme50Nklstyn95b0VvAJNNxiiBhK4tpA=
-----------------------------------------------------------------

Unfortunately it doesn't install on any of our test phones, it triggers a security warning and fails to install. Signing with one certificate works (e.g. Verisign or Thawte on other phones). But all the phones we tested seem to be very confused by the presence of multiple certificates.

Is there any way to sign the application with more than one key and have the phone pick the one it knows about / trusts? Or does it have an "all or nothing" policy and tries to verify all 3 certificates (in which case it will fail in most cases).

Any suggestions would be appreciated. Thank you!
Razvan

--
Razvan Dragomirescu
Chief Technology Officer
Cayenne Graphics SRL

[traud]

I do not think anyone tried so far – anyone else here? I am very interested in this topic, too. First of all, let use see what the MIDP 2 specification in Chapter 4.1.4.3 says about this topic:

If multiple CA’s are used then all the signer certificates in the application descriptor MUST contain the same public key.

I have not tested this yet, so I am not sure I understand this sentence. Does it make sense to you? Have you followed this rule?

Additionally, first of all I would avoid using this Symbian OS certificate. Although it should not be a problem VeriSign+thawte should be enough. Or am I wrong in this topic? Actually, when everything works, you can even have a fourth an own self-signed certificate.

If you have a Nokia S60 2nd Edition device around, try the self-signed certificate procedures presented here in Forum Nokia Discussions either with two self-signed CAs or with one self-signed CA and one known public key of your bought certificates.

Please keep us updated. In future, please use the code tag here and do be so kind not to shorten certificate entries. Complete ones might help others, too.

[jstreb]

Hello, I was curious if anyone had any luck with this? We are trying to do the same thing, currently we have been signing our midlet with a verisign certificate however, we have run into problems with these certs working on a t-mobile razr. The t-mobile razr was missing the root cert.

Anyway, we purchased a thawte and cybertrust cert which we can get to work if sign the midlet with just that certificate. However, if we sign it with the verisign and thawte certificatethen it does not work. Does anyone know a way to sign it with both.

[hartti]

Are your customers downloading the MIDlet from your web server? You could check the phone model and serve a correct JAD file based on the User Agent information.

Hartti

[jstreb]

Yes we are downloading from our site but I am hoping to avoid having to have a different build each phone. Correct me if I am wrong but when I sign a midlet both the .jar and the .jad are changed, correct? I assume this because when I sign it the size of the .jar is changed.

We could use the user-agent and send them the right file if we knew the root certs that were on each phone, without having to test it. Is there a database somewhere that has this info? I haven't been even able to determine which certs are on my Nokia 6103.

My hope was to sign the midlet with all the 3rd party certificates we could and hope that the phone would find one that it would work for. Is this just wishful thinking?

Any help in this area would be much appreciated, it has been a frustrating process so far.

[hartti]

"Correct me if I am wrong but when I sign a midlet both the .jar and the .jad are changed, correct?"

Nope. Just the JAD file is changed (signing info is added).

The other thing is that the 3rd party domain might not have enough access rights on phones from certain operators (like it seems to be the case with T-Mobile)

Hartti

[traud]

we purchased a […] cybertrust cert

Is this for code signing? Do you have a link? I am aware of VeriSign, thawte and Java Verified only.

[t0n1c]

Have you found any solution for the problem?
We're currently facing the same dilema with no success.

Hello, I was curious if anyone had any luck with this? We are trying to do the same thing, currently we have been signing our midlet with a verisign certificate however, we have run into problems with these certs working on a t-mobile razr. The t-mobile razr was missing the root cert.

Anyway, we purchased a thawte and cybertrust cert which we can get to work if sign the midlet with just that certificate. However, if we sign it with the verisign and thawte certificatethen it does not work. Does anyone know a way to sign it with both.

[hartti]

T-Mobile U.S. phones do not have trusted 3rd party domain at all (meaning also that there are no Verisign or Thawte certificates which could be used for signing). You need to contact T-Mobile U.S. for getting your MIDlet signed
http://blogs.forum.nokia.com/view_entry.html?id=379

Hartti

[browndrf]

MIDP 2 Spec

Creating the Signing Certificate
1. The signer will need to be aware of the authorization policy for the device and contact the appropriate
certificate authority. For example, the signer may need to send its distinguished name (DN) and public key
(normally, packaged in a certificate request) to a certificate authority.
2. The CA creates a RSA X.509 (version 3) certificate and returns it to the signer.
3. If multiple CA’s are used then all the signer certificates in the application descriptor MUST contain the
same public key.
Insert Certificates into the application descriptor
1. The certificate path includes the signer certificate and any necessary certificates but omitting the root
certificate. The root certificate will be found on the device.
2. Each certificate in the path is encoded (using base64 but without line breaks) and inserted into the
application descriptor as:
MIDlet-Certificate-<n>-<m>: <base64 encoding of a certificate>
<n>:= a number equal to 1 for first certification path in the descriptor or 1 greater than the previous number for
additional certification paths. This defines the sequence in which the certificates are tested to see if the
corresponding root certificate is on the device. See the Authenticating a MIDlet suite section below.
<m>:= a number equal to 1 for the signer’s certificate in a certification path or 1 greater than the previous
number for any subsequent intermediate certificates.
Creating the RSA SHA-1 signature of the JAR
1. The signature of the JAR is created with the signers private key according to the EMSA-PKCS1-v1_5
encoding method of PKCS #1 version 2.0 standard[RFC2437].
Protection Domain Root Certificate A certificate associated with a protection domain that the
device implicitly trusts to verify and authorize downloaded
MIDlet suites
Trusted MIDlet Suites using X.509 PKI
31
2. The signature is base64 encoded, formatted as a single MIDlet-Jar-RSA-SHA1 attribute without line
breaks and inserted in the application descriptor.
MIDlet-Jar-RSA-SHA1: <base64 encoding of Jar signature>

Razvan,
Can u please post the whole JAD file ? Are there multiple MIDlet-Jar-RSA-SHA1 at the end or only one ? The spec above says Signature of the jar is created with the signer's private key - which means is there are multiple root CA signers, there should be multiple signatures ? - Apparently I have'nt tried it.


Also the table on Page 31 says the way the signer should be verified:

If result is

More than one full certificate path established and validated

Then action is

Implementation proceeds with the signature verification
using the first successfully verified certificate path is used
for authentication and authorization.

To me this sound like implementation should iterate thru different root signers.

What you think ?

[mmunte]

Hi Razvan,

have you solved this issue? It would be of great help if you could post your solution. We just got send home by a MNO because they could not install our demo application.

Thank you very much,
munte

[traud]

I created two custom certificate authorities and tested those on a Nokia 6680. However, you have to go for VeriSign and Thawte as certificate authorities. Consequently, the steps below are not checked in a real world example and could be wrong. The following assumes Microsoft Windows as operating system. If you find a bug or if you have (understanding) problems, please register at Forum Nokia and reply to this thread. Before asking, make sure to go through every link in this post because these contain a lot of background information.

My solution is to use the same certification request (*.csr) for all CAs, create this CSR only once! The Nokia Guide shows an example in chapter 3.5.2 how to use Sun keytool. In your JAD, make sure MIDlet-Jar-URL property is a relative URL as some tools have problems with absolute (http:// in front) ones. Before you begin, create one copy of your JAD file for each certificate authority plus one more because every signing process will override the exiting file. Create a keystore and this CSR. If you want to sign with another authority in the future, make sure the your CSR is still valid, therefore double-check the default values of keytool.

Sign the first copy of your JAD-file. This will be a self-created CA-certificate for development cycle. This can be used in the Nokia Series 40 platform SDKs and on real phones (only Nokia S60 2nd Edition and Nokia Series 80 2nd Edition).

Make a backup-copy of the current keystore (‘ownCA.sks’) in the Explorer. Send the CSR to VeriSign and Thawte. After receiving the reply, import it into your keystore. Do not import all replies at once. Just start with the first one.

Sign the second copy of your JAD-file. Then again make a backup-copy of the current keystore (‘verisign.sks’) in the Explorer.

Import the second reply and sign the third copy of your JAD. After that, do not forget to create a backup-copy of your current keystore (‘thawte.sks’)

Open all these JADs and check the MIDlet-Jar-RSA-SHA1 property. It has to be the same in all JADs. Then copy this property and each MIDlet-Certificate-1-1 to the initial JAD (the one without MIDlet-Jar-RSA-SHA1). Change the first ‘1’ (one) appropriately (1, 2, 3, …). Then copy each MIDlet-Certificate-1-2, however, only for those JADs which have a MIDlet-Certificate-1-3, too (do not include the root certificate itself). If you have done that, select ‘save as’ this JAD not to loose your unsigned JAD. This JAD should contain

Code:

… rest of your JAD
MIDlet-Certificate-1-1: your VeriSign certificate
MIDlet-Certificate-1-2: 
MIDlet-Certificate-1-3: 
MIDlet-Certificate-2-1: your Thawte certificate
MIDlet-Certificate-2-2: 
MIDlet-Certificate-2-3: 
MIDlet-Certificate-3-1: your self-signed certificate
MIDlet-Jar-RSA-SHA1: …

Install your MIDlet (JAR and this JAD) on your emulators and testing phones. If it fails, double-check common pitfalls…

Is this the holy grail? Unfortunately, it is not as your signed MIDlet still fails to install when not one of these authorities is installed and enabled for application signing on your device. Additionally as per MIDP 2 specification, your are not allowed to enable user-installed certificates for application signing. To avoid this issue in the future, please, please do not forget to comment to MIDP 3…

Bugs. For example my Nokia 6680 allows this procedure, even if one of the certificates is missing, even the order in the JAD is not important. However, on my Nokia 9300i the installation is very, very slow and fails with error 23 in the ChildInstaller and then with error 45 in the Installer (if MIDlet-Certificate-1-x does not chain up correctly?). Furthermore, there is a limit in the size of a JAD on some device. Use the above with care and test and test and test. If you have problems and avoided the common pitfalls, remove your self-signed certificate. If it still fails, remove the next certificate-chain and so on.

Recommendation: Use Java Verified instead of VeriSign + thawte. The Ovi Store team will guide you through its process.

I'm signing with Carbide.j 1.5.

Could you tell me, how you used it? I am not able to create a JAD containing several chains using the graphical signing tool of Nokia Carbide.j or Sun Wireless Toolkit. I have to use the JadTool.jar and tweak its chainnum argument.

Code:

$ java -jar JadTool.jar -addjarsig -jarfile myMIDlet.jar -inputjad myMIDlet.jad -outputjad myMIDletSigned.jad -alias mykey -keystore ownCA.sks
$ java -jar JadTool.jar -addcert -inputjad myMIDletSigned.jad -outputjad myMIDletSigned.jad -alias mykey -keystore verisign.sks -chainnum 1
$ java -jar JadTool.jar -addcert -inputjad myMIDletSigned.jad -outputjad myMIDletSigned.jad -alias mykey -keystore thawte.sks -chainnum 2
$ java -jar JadTool.jar -addcert -inputjad myMIDletSigned.jad -outputjad myMIDletSigned.jad -alias mykey -keystore ownCA.sks -chainnum 3

-alias, -storepass, -keypass, -jarfile, -inputjad and -outputjad must be changed for your environment.

all the phones we tested seem to be very confused by the presence of multiple certificates.

Which phones have you tested? By the way, for those who want to test their target devices before buying a certificate (thawte, VerSign, Java Verified, dual, …), follow-up there …

[alixwarnke]

Additionally as per MIDP 2 specification, your are not allowed to enable user-installed certificates for application signing.

Where in MIDP 2.0 is that stated?

[traud]

alixwarnke, do these links help?
http://www.developer.nokia.com/Community/Discussion/showthread.php?p=308589
http://www.developer.nokia.com/Community/Discussion/showthread.php?p=216370
http://www.developer.nokia.com/Community/Discussion/showthread.php?t=123654

[alixwarnke]

traud: Yes! I found the statement on page 505 in the specification. Thanks.