How to guide for creating/signing sis files
This article explains about creating and signing .sis files. It applies to Symbian OS 9 (or newer) and S60 3rd Edition (or newer). For earlier Symbian OS or S60, signing is not mandatory.
Article Metadata
Reasons: hamishwillee (29 Nov 2011)
The article content is useful and accurate. However there are heaps of articles on the wiki with the same topic, some that also cover using the IDE, carbide, Qt Creator, using devcerts, using local certificates, using createsis. I think this needs to be merged with the others.
Contents |
Creating .sis files
A .sis file is created from .pkg file using makesis tool, a standalone command line tool. For example:
makesis myapp.pkg
The command above creates myapp.sis from myapp.pkg.
In case of your PKG-file was generated by Carbide.c++, you will get error, something like this:
Error : Cannot find file $(EPOCROOT)Epoc32\release\$(PLATFORM)\$(TARGET)...
To avoid this error, you should replace macroses $(EPOCROOT), $(PLATFORM), $(TARGET) with the real pathes to the files.
Signing .sis files
Signing a .sis file can be done using signsis tool. For example:
signsis myapp.sis myapp.sisx mycert.cer mykey.key
The example above signs myapp.sis into myapp.sisx using the certificate of mycert.cer and the private key of mykey.key.
Note that some developers give the extension of .sisx for signed file. However, it does not mean that .sis is always unsigned file. There are many .sis file that is signed.
There are several certificates that can be used for signing, i.e.:
- Self-signed certificate
- Developer certificate
- Symbian Signed certificate
Self-signed certificates
An application can be signed using self-signed certificate if it does not require any capabilities that cannot be granted by the users. Technically, it means the application does not require any capability or require one (or more) of the following capabilities:
- LocalServices
- Location (starting with S60 3rd Edition FP2)
- NetworkServices
- UserEnvironment
- ReadUserData
- WriteUSerData
Self-signed certificate is generated by the developer and as such it cannot be trusted by the device. During installation, the users will be prompted a warning dialog saying that the application is not trusted.
This type of certificate can be used for signing commercial releases of the applications.
Developer certificate
An application has to be signed with developer certificate if it requires more than the basic capabilities above. Developer certificate is used in the testing and development phase to be able to test the application on a real device. The reason is because the certificate is bound to the IMEI. An application signed with this certificate can only be installed on a device whose IMEI is supported by the certificate.
One way to apply for Developer Certificate is via Symbian Signed. Some phone manufacturers may have their own developer certificates as well.
This type of certificate cannot be used for signing commercial releases of the applications.
Symbian Signed certification
Symbian Signed certification is mandatory for the application that requires extended of set capabilities, i.e. capabilities that cannot be granted by the users during installation. It is intended for public distribution, not for development. Unlike developer certificate, an application signed with this certificate can be installed on any compatible device. There is not IMEI limitation.
There are a number of requirements that have to be fulfilled to get certification. Symbian Signed performs a set of test case to the application before it can be signed with Symbian Signed certificate. The Symbian Signed certification process costs a few hundred Euros. Please check the latest requirements and cost of getting certification from Symbian Signed web site.
Note: Self-signed application does not need to go to Symbian Signed certificate. It can go through Symbian Signed if developers want to eliminate the warning dialog during installation.
Which certificate to use?
The picture below shows how to choose which certificate to use.
- The first question that needs to be answered is whether the signing is for development or production.
- If it is for development, it can be self-signed certificate or developer certificate depending on the required capabilities. Note that, developer certificate can be used in both cases.
- If it is for production, an application normally goes to Symbian Signed. The exception is when the developer does not mind distributing it as untrusted application. In which case, self-signed certificate can be used.
Batch file for creating and signing sis file
When using command line a good is to create batch file Once you have the certificate and the key file ready for your application use the following batch file to create and sign the sis file.
makesis mypkg.pkg myappunsigned.sis
signsis -v myappunsigned.SIS myapp.sis appcertificate.cer appkey.key mypass
- Just copy the above two lines in notepad and name the file as sign.bat
- Copy this file in your SIS folder and whenever you need to sign just type sign.bat from the command prompt.
Internal links
- How to sign a .Sis file with Self-Sign Certificate
- Developer Certificate (Symbian Signed)
- Freeware signing
- How do I use the same pkg file for debug and release builds?
04 Sep
2009
Symbian introduced the concept of Data caging from version 9.1 (Symbian OS 9.1) onwards, to protect application and its content better than ever. So before deploying application to real device developer need to sign application (for testing purpose)using self-signed certificate Or Developer certificate.
This article explains all necessary steps create and sign .sis file from command line. It also explain where to use self-signed certificate and where to use developer certificate for testing purpose.
06 Sep
2009
The article clearly explains the method to make a .sis file and explained the importance of signing an application. Both self-signed and symbian signed processes are explained in this article. It also explained the importance of developer certificate. Where to use symbian-signed or self-signed or developer certificate is also illustrated in this presentation.
This article makes itself essential by illustrating signing process.
22 Sep
2009
I have added one important note in this article and now I also want aprove it.
Creating final *.sis and its signing - rather important stages of the development process. Beginning with Symbian 9, only signed applications can be installed on the destination device. So, even for running the next set of tests on the device, you should sign the application.
07 Sep
2009
In this article author demonstrates how to simplify making and signing final *.sisx with the help of batch-file and developer certificate. Such approach helps to save time and to avoid errors.
Also this article demonstrates how to select correct type of signing - very important question, especially if you are preparing an application for distribution.
Lakshmishar - Creating .sis files
i am getting error while creating sis and sisx files.
As I am using S60-3rd-FP1. Kindly suggest.Hamishwillee - @Lakshmishar - what error?
Hi Lakshmishar
Please only use wiki comments for specific comments against articles. For questions like this, you need to ask on the discussion boards, and you need to indicate exactly what error you are getting and when in the development process. If you post an error report like this no one will bother helping you because it is a waste of their time to investigate without more information.
Regards
Hamish<p style="text-align:right">hamishwillee 05:15, 29 November 2011 (EET)