Signing Java ME Applications
Contents
1. What is the purpose of this document?
2. What are the basics?
2.1 What is application signing?
2.2 What indicates that an application has been signed?
2.3 Where does the signature take the application?
2.3.1 Domains
2.3.2 Accessing different domains
2.3.3 Why do domains matter?
2.3.4 Which pop up options are given to which features?
3. How do I use Sun Java™ Wireless Toolkit (WTK) for application signing?
3.1 Importing the keys to WTK
3.2 Signing with WTK
3.3 What about NetBeans?
4. What can go wrong?
4.1 MIDlet attributes
4.2 Permissions
4.3 The device and the certificate
4.4 The validity period
5. Glossary
1. WHAT IS THE PURPOSE OF THIS DOCUMENT?
This document provides key information about application signing in Java ME. It
starts from the basics, so it should be useful for anyone who is not familiar with
Java ME application signing.
2. WHAT ARE THE BASICS?
2.1 What is application signing?
Application signing means that an application is signed with a private key. For
each private key, there is a corresponding public key, which is delivered jointly
with the application in the form of a digital certificate. [1]
When a signed application file is installed on a device, the application installer
verifies that the certificate in the application was created by one of the
certificate authorities embedded in the device.
A certificate authority (CA) is an entity which issues digital certificates. CAs
include device manufacturers, operators, testing and signing programs or
professional companies offering certificate authority services. Java Verified is a
Certification Authority and its certificate is the “Geotrust CA for UTI”.
2.2 What indicates that an application has been signed?
When a MIDlet [2] is signed, two additional fields appear in the JAD file:
• MIDlet-Certificate-1-1
• MIDlet-Jar-RSA-SHA1
The MIDlet-Certificate field has the certificate used to sign the MIDlet. In some
cases there are multiple MIDlet-Certificate fields, which is normal, so do not
worry. Please note that all the fields which are in the JAD file are there for a
good reason and should not be removed.
Note: The MIDlet-Jar-RSA-SHA1 field contains the checksum that was
calculated from the JAR file and encrypted with the private key. So, if the JAR is
changed, the calculated checksum will be incorrect and then the signature will
no longer be valid.
[1] In practice, this public key or certificate works like the family seal that was
used to confirm the origin of letters in the last century. The receiver could verify
the identity of the sender before opening the letter by examining the seal. Of
course, the stamp used to introduce the seal was never shared with anyone.
[2] A MIDlet is a Java application framework for the Mobile Information Device
Profile (MIDP) that is typically implemented on a Java ME-enabled device. MIDlets
are applications, such as games.
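The signature check described in section 2.2, written out as an added example (not part of the original document or of any toolkit): it parses the JAD attributes, groups the MIDlet-Certificate-<n>-<m> entries into chains, and verifies MIDlet-Jar-RSA-SHA1 as an RSA PKCS#1 v1.5 signature over the SHA-1 digest of the JAR. It assumes the signer's public key (n, e) has already been extracted from the MIDlet-Certificate-1-1 certificate; the function names, the toy key and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# DER DigestInfo prefix for SHA-1 used by PKCS#1 v1.5 signatures (RFC 8017, 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def parse_jad(text):
    """Parse 'Name: value' descriptor lines into a dict."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def certificate_chains(attrs):
    """Group MIDlet-Certificate-<n>-<m>: chain n -> DER certs ordered by m."""
    chains = {}
    for name, value in attrs.items():
        m = re.fullmatch(r"MIDlet-Certificate-(\d+)-(\d+)", name)
        if m:
            chains.setdefault(int(m[1]), {})[int(m[2])] = base64.b64decode(value)
    return {n: [c[i] for i in sorted(c)] for n, c in chains.items()}

def expected_block(jar, k):
    """EMSA-PKCS1-v1_5 encoding (k bytes) of the JAR's SHA-1 digest."""
    t = SHA1_PREFIX + hashlib.sha1(jar).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def jar_signature_valid(attrs, jar, n, e):
    """Verify MIDlet-Jar-RSA-SHA1 over the JAR with RSA public key (n, e)."""
    sig_b64 = attrs.get("MIDlet-Jar-RSA-SHA1")
    if sig_b64 is None:
        return False  # unsigned descriptor
    k = (n.bit_length() + 7) // 8
    sig = int.from_bytes(base64.b64decode(sig_b64), "big")
    return sig < n and pow(sig, e, n).to_bytes(k, "big") == expected_block(jar, k)

def demo():
    # Constructed, insecure key (two Mersenne primes); assumption for illustration.
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    jar = b"PK\x03\x04 constructed stand-in for JAR contents"
    sig = pow(int.from_bytes(expected_block(jar, k), "big"), d, n).to_bytes(k, "big")
    attrs = parse_jad("MIDlet-Jar-RSA-SHA1: " + base64.b64encode(sig).decode())
    return jar_signature_valid(attrs, jar, n, e), jar_signature_valid(attrs, jar + b"!", n, e)

if __name__ == "__main__":
    print(demo())  # intact JAR verifies, modified JAR does not
```

Changing a single byte of the JAR changes its SHA-1 digest, so the block recovered from the signature no longer matches and the check fails.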
2.3 Where does the signature take the application?
2.3.1 Domains
Certificate authorities (CAs) provide their certificates to the device
manufacturers and these certificates are installed at the time of manufacture to
a specific protection domain.
Note: In the case of certificates that are used with Java ME applications, it
should not be possible to add these after device manufacture.
The security domain depends on the particular CA:
• Identified 3rd party protection domain – signed by or for a party which is
  known (formerly known as the Trusted third party domain)
• Operator domain – signed by an operator or a carrier
• Manufacturer domain – signed by a device manufacturer
Unsigned applications will be allocated to the unidentified third party protection
domain (formerly known as the Untrusted third party domain).
When an application is signed, it will receive the privileges of the protection
domain where the corresponding CA certificate is defined in the device. If the
device does not have a corresponding certificate, the application will not install.
2.3.2 Accessing different domains
Access to a domain is in the hands of the party who acts as the certificate
authority (CA) and thus application signing can carry liabilities for the CA. For
example, if an operator signs an application to the operator domain, that
operator can be held responsible for the application. This is why access to
domains is tightly controlled.
2.3.3 Why do domains matter?
Domains matter because they determine the following parameters:
• The level of access the application has to certain device features:
  o For example an unsigned MIDlet is not allowed to open datagram
    connections on ports 9200, 9201 or 9203 according to the MIDP 2.1
    specification.
• The kinds of pop ups the user will have to deal with when using the
  application:
  o According to the MIDP 2.0 specification, an unsigned application with
    the default security settings must ask for a permission to make a
    network connection every time the application opens the connection.
• The options the user has to change the pop up settings:
  o An unsigned application can set “Always allowed” to local connections
    but not to any other feature according to the MIDP 2.0 specification.
Here are the different options granted to applications, which can be changed in
the application access settings in the device:
• Not allowed - “No, the application cannot do that!”
• Ask every time / one shot - “Every time the application wants to use a
  feature the user is prompted.”
• Ask first time / session - “When I run the application, the first time the
  feature is used the user is prompted.”
• Always allowed / blanket - “No questions asked”
The place where the settings can be changed varies between devices.
2.3.4 Which pop up options are given to which features?
Generally it is very difficult to say which application features will be granted
which options. This is mainly due to the different security implementations in
devices. Nonetheless, the rules of thumb are:
• An application signed to the “Identified third party protection domain” has
  better options for limiting the pop ups than an application signed to the
  “Unidentified third party protection domain”.
• Applications signed to the “Operator domain” or the “Manufacturer domain”
  do not have any pop-ups.