Understanding of the complicated signing process

[whitewinds]

After designing application for S60 3rd for many months, I got some understanding about the complicated testing and signing process of symbian applications. Any comments are welcomed, to let me know whether they are right.

1. There are many ways for signing the application.
1). self-sign the application.
But the application must have a unprotected UID, and the applicable capabilities are very limited.(User granted)

2). Developer certificate request without Publish ID
Go to Symbian signed web site to get a .cer file depending on one IMEI. In this way, you can get all non-sensitive capabilities. But if you are using sensitive (manufacture) capability, such as DRM, AllFiles, you must apply them separately. (I did not apply for the sensitive capability before. Is it very difficult to apply for them? Does this process need money?)
3). Developer certificate request with Publish ID
I did not know this process.
4). Symbian signed
How much is the cost? Does it take too long? One or two week?

2. For capability setting during the signing process, I am not very clear about DLL file
For example, I have a third-party DLL file, whose capability is All -TCB, and I have my own application which calls the dll file. My own application only needs "readuserdata writeuserdata" capabilities. I packaged my application .exe file and the DLL file, together with other resource files into one sis file. My question is which capability that I need to set during signing. That is to say, if I apply a Developer certificate according to a IMEI, which capability should set in the .csr file? Are"readuserdata writeuserdata" enough?

[glassi]

After designing application for S60 3rd for many months, I got some understanding about the complicated testing and signing process of symbian applications. Any comments are welcomed, to let me know whether they are right.

1. There are many ways for signing the application.
1). self-sign the application.
But the application must have a unprotected UID, and the applicable capabilities are very limited.(User granted)

2). Developer certificate request without Publish ID
Go to Symbian signed web site to get a .cer file depending on one IMEI. In this way, you can get all non-sensitive capabilities. But if you are using sensitive (manufacture) capability, such as DRM, AllFiles, you must apply them separately. (I did not apply for the sensitive capability before. Is it very difficult to apply for them? Does this process need money?)
3). Developer certificate request with Publish ID
I did not know this process.
4). Symbian signed
How much is the cost? Does it take too long? One or two week?

2. For capability setting during the signing process, I am not very clear about DLL file
For example, I have a third-party DLL file, whose capability is All -TCB, and I have my own application which calls the dll file. My own application only needs "readuserdata writeuserdata" capabilities. I packaged my application .exe file and the DLL file, together with other resource files into one sis file. My question is which capability that I need to set during signing. That is to say, if I apply a Developer certificate according to a IMEI, which capability should set in the .csr file? Are"readuserdata writeuserdata" enough?

if the .dll is just as a .dll, then your sis file must have all -tcb. if it's a 3rd party dll you could ask to get it in a manufacturer signed .sis


from my quick testing, if i embedded all -tcb(signed..) in a self signed.. then it wouldn't install. as if the embedded sis file(with dll all -tcb) was tried with the embedding sis files signing(embedded as embedded in pkg).


workaround is to just include the sis file as a normal file, then create a seperate installer program that launches the installer app on the sis.. or detect on your program if it is installed and then launch the .sis(that has the all-tcb dll) from there.

or if feasible, get a manufacturer signing on your whole sis file.

[whitewinds]

if the .dll is just as a .dll, then your sis file must have all -tcb. if it's a 3rd party dll you could ask to get it in a manufacturer signed .sis

For 3rd aprty,I must sign my sis file with All -TCB capabilities? Then it is very difficult for other application to use this third party dll due to the signing issue. As I understood, signing with manufacture capability seems very complicate and difficult. For so a published Dll file, if it wants to be shared by other application, it is better to package the dll file in a symbian signed sis file. Then it is easy for other application to use it.

from my quick testing, if i embedded all -tcb(signed..) in a self signed.. then it wouldn't install. as if the embedded sis file(with dll all -tcb) was tried with the embedding sis files signing(embedded as embedded in pkg).

But if the sis file(with dll all -tcb) is embeded into a Developer certificate signed sis file, it should be able to install.

workaround is to just include the sis file as a normal file, then create a seperate installer program that launches the installer app on the sis.. or detect on your program if it is installed and then launch the .sis(that has the all-tcb dll) from there.

or if feasible, get a manufacturer signing on your whole sis file.

Thus, if I have an application which includes a dll file( All -TCB), before I can test my application on any phone, I must make my application symbian signed with All -TCB, or package the dll into a separate symbian signed sis file.

[wizard_hu_]

For 3rd aprty,I must sign my sis file with All -TCB capabilities? Then it is very difficult for other application to use this third party dll due to the signing issue. As I understood, signing with manufacture capability seems very complicate and difficult. For so a published Dll file, if it wants to be shared by other application, it is better to package the dll file in a symbian signed sis file. Then it is easy for other application to use it.

It works a bit different: if you publish a .dll, you are the one who should wrap it into a SymbianSigned .sis file. Then other developers just embed your .sis file into theirs (which can even be self-signed in this case).

But if the sis file(with dll all -tcb) is embeded into a Developer certificate signed sis file, it should be able to install.

No, every installation package is handled separately. Embedding does affect the capabilities of the original. Although there is at least one exception: Startup List Management cannot be used in an embedded .sis file - thus in this case the embedded .sis file gets a restriction just because of being embedded.

[muntain]

I'm getting realy more and more confused with this signing process: if I have 2 application one is the main application and the second it's only the Sarter that make the firstone autostart on device boot. So this 2 application are separated and need a certificate...How can I sign those 2 application? I want to make only a sisx of the main app that enbed the Started application...How can I sign the entire sisx?? I think that there's a lot of confusion around this signing process...Nokia say that this process is better for the security of the application and phones....I think that for developers it's I realy big problem and loss of time! I'm afraid that this process will cause more problem than benefict...even on the number of the application and on the number of sold phone.

[kiran10182]

I'm getting realy more and more confused with this signing process: if I have 2 application one is the main application and the second it's only the Sarter that make the firstone autostart on device boot. So this 2 application are separated and need a certificate...How can I sign those 2 application? I want to make only a sisx of the main app that enbed the Started application...How can I sign the entire sisx?? I think that there's a lot of confusion around this signing process...Nokia say that this process is better for the security of the application and phones....I think that for developers it's I realy big problem and loss of time! I'm afraid that this process will cause more problem than benefict...even on the number of the application and on the number of sold phone.

http://discussion.forum.nokia.com/fo...8&postcount=14

Kiran.

[muntain]

Ok so I have only to sing one .sis file that include the embedded application. I have found that an application embedded could not have autostart capability: so now I have embedded the main application in the starter application...is this the right way? or there's a different way? I don't like this way because the name of the installer is of the starter application and not of the main application

[muntain]

Ok I solved in another way

[alb3530]

Ok I solved in another way

it would be cool if you could post here how.

It might help other users that may face the same problem you did

best regards

[muntain]

I have created one .sisx containing both the applications, main and the startup. The UID specified in the .pkg file is that of the Startup program.