Security platform: controversial information

[mikfi]

Hi guys,
I am struggling with Security Platform.
I found information that to me look controversial. Which one is the truth, according to your understanding? A or B?

A] Document: "Testing And Signing With Symbian Platform Security - Version 1.3, March 20, 2006, FN"

Statement in ch 2.3:
"S60 3rd Edition introduces mandatory signing of applications. This means that the application will not install if it has not been signed."

B] Book: "Symbian OS Platform security", ch 9.1.1, page 187:
"With this security policy, the capabilities that user can grant are LocalServices and UserEnvironment. Any application requiring other capabilities will, therefore, need to be signed".

Let's take an example of developing a Bluetooth application for "personal use".
If document is right then I have to sign it, maybe better (=cheaper) with Symbian Developer Certificate. In case of my personal use, it will be totally free (since not VeriSign certificate is needed).

If the book is right that means that I can avoid signing it. And I could even deploy that application to my friends and it will work as far as every user will grant LocalServices capabilities at installing time.

Which one is the truth?
I hope someone could clarify.

Thanks,
mik

[wizard_hu_]

The truth is a combination of A & B: every sisx file has to be signed, but you can apply "self signing". Search for "makekeys" in the SDK Help.

[mikfi]

Thank you for your hint.
However I am still confused: hopefully this discussion will be useful to someone else as well.

1. So, I can use MakeKeys tool to generate a private key file and a self-signed certificate.
At this point – if I understood correctly – I can already install the application in my mobile.
I assume that so far I can use the basic User-grantable capabilities.

2. Therefore the difference from getting a Symbian Developer Certificate consists in the amount of capabilities I am allowed to use, right?
(If I get Symbian Developer Certificate I could use more and that depends by the numbers o IMEIs I apply for).

3. Then, after using MakeKeys, “it is up to developer” to send the certificate request to be signed by trusted third party.
This step I guess become useful just from the moment I decide to deploy my application to someone else.
But again, since at step one I didn’t specify my IMEI, shouldn’t be my self-signed application already installable by other users if only uses User-grantable capabilities?

Am I missing something?

Thanks for your help,
Mik

[wizard_hu_]

Am I missing something?

No, in fact you have already overcomplicated the method :-)
1: Yes, with makekeys you generate everything that is necessary for self-signing an application
2: Yes, self-signing is weaker than both normal and developer certificates
3: No, if your application works with your certificate you are done: you can sign and spread your application.

If your application does not work with self-signing, you have to send the application to somewhere (check on www.symbiansigned.com), and they will send you back a signed .sis file, ready for publishing. However it costs money, even when your application is just tested but rejected.
And this is the point where DevCerts come into the picture: you get a certificate for "power-signing" but it will work only on a limited set (on 1 or 1-20 different IMEI-s by default) of devices.

[CharlesWeir]

So here’s a summary of the actual deployment options. Is it correct?

Scenario: Simple application, uses no platsec capabilities.
What we do: MMP file has Capabilities: none. Sign the SIS file with a signature generated on the fly by signsis.
Result: Application installs on any phone, can access network etc, but will always warn the user first.

Scenario: Typical application, uses some simple platsec capabilities.
What we do: Generate a private key file for our organisation/department and pay Verisign to validate it and send us a certificate. Put capabilities required in the MMP file. Sign application with signsis passing the private key and certificate. Send result to Test House; if it passes, they get Symbian to countersign the SIS file.
Result: Countersigned application installs on any phone, does whatever it’s allowed to.

Scenario: Demanding application, uses restricted platsec capabilities.
What we do: As above... but...

Errr: how do we persuade a test house to grant extended capabilities?

[wizard_hu_]

Approximately. However you may want to search for "Assigning Capabilities" in the SDK Help. For example there are user grantable capabilities.

[enstedt]

To get better overwiev of the process for granting sensitive (manufacturer) capabilities you should read the short slideset available at http://www.forum.nokia.com/info/sw.n..._0_en.pdf.html