Verisign signing - Java ME
Article Metadata
A commercial application which requires access to some specific APIs like JSR 75, JSR 205, JSR 135 etc. benefits from getting signed with a commercial certificate from third party certificate providers like VeriSign or Thawte. Before buying any certificate from these third parties, you have to make sure that the target phone's of your device has the corresponding root certificate installed and set to allow MIDlet signing. You can check this from the settings of the target mobile device.
The following paragraphs contain the description of the process and steps required to get a certificate from VeriSign and to sign & test you MIDlet.
Contents |
Getting the certificate
Step 1
Make sure, you have the latest JDK installed on your computer.
Step 2
Create a keystore
You have to generate a public/private key pair, for this enter the following command, specifying a name for your keystore and an alias as well.
C:\jdk1.3\bin\keytool -genkey -keyalg rsa -keystore <keystore_filename> -alias <alias_name>
Keytool prompts you to enter a password for your keystore, your name, organization, and address. The public/private key pair generated by keytool is saved to your keystore and will be used to sign J2ME applications. This key is never sent to VeriSign and is required to sign code. So you should make a copy of the public/private key pair and store it in a safe deposit box or other secure location. If the key is lost or stolen, contact VeriSign immediately to have it revoked.
Step 3
Create a CSR
You need to generate a Certificate Signing Request (CSR) for the enrollment process.
1. The following command requests Keytool to create a CSR for the key pair in the keystore:
C:\jdk1.3\bin\keytool -certreq -file certreq.csr -keystore <keystore_filename> -alias <alias_name>
2. Begin the enrollment process for a Code Signing ID from the products and services section of the VeriSign Web site.
3. Copy the contents of the CSR and paste them directly into the VeriSign enrollment form. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
This is the end of requesting the certificates from VeriSign.
Signing the MIDlet
Step 1
After VeriSign has verified your request, they will send an email with the digital id attached. You have to import it to the keystore.
To import your Sun Java Signing Code Signing Digital ID into your keystore, enter the following code with the path correct name for your file (for example, "cert.cer") to your Code Signing Digital ID.
C:\jdk1.3\bin\keytool -import -trustcacerts -keystore <keystore_filename> -alias <alias_name> -file cert.cer
Step 2
Now sign the application by the two command prompt
java -jar JadTool.jar [ -addcert -alias keyAlias [ -keystore keystore ] [ -storepass password ] -inputjad inputJadFile -outputjad outputJadFile ]
java -jar JadTool.jar [ -addjarsig [ -jarfile jarFile ] -alias keyAlias [ -keystore keystore ] -storepass password -keypass keyPassword -inputjad inputJadFile -outputjad outputJadFile ]
For all the signing steps, Courtesy:
23 Sep
2009
This article provides a useful overview of the process involved in signing a Java MIDlet. If anything, the title is a bit of a misnomer, as the steps involved are no different whether you are signing with a Verisign certificate or a Thawte certificate. The article gives a nice step by step overview of the different steps involved in the process, although the steps are more than likely “borrowed” from another source, as cited at the bottom of the article. One small thing to note is that the path to the JDK is usually in c:\program files\java\jdk these days, rather than the path specified in the article.
One other thing to remember when signing using the steps described in this article – don’t forget the password you use when generating your keystore! You will need this once you have signed your keystore using the digital certificate in order to unlock your key pair. “Step 2” under the heading “Signing the Midlet” can actually be accomplished easily using NetBeans, by right-clicking on the project name, going to Properties ->Build->Signing. You simply need to import your keystore and your installer files will be digitally signed. This eliminates having to enter textual commands using a text editor or command-line interface and speeds up the building process as it only has to be performed once.
From personal experience, there is quite a difference in price between the different suppliers. If the devices you are targeting support all the different certificates, go for the cheapest option!
24 Sep
2009
This article is about signing your application with third party certificate. Because if you want to use some API like JSR-75 , JSR-205 and JSR-135 in your application, you want to first sign your application to a particular certificate. Here in this example VeriSign and Thawte is given. This article briefly explains how you can sign your application to third party.
So this is an important information for every application developer.