Symbian Developer Library

SYMBIAN OS V6.1 EDITION FOR C++




Certification Generator syntax: makekeys.exe


Purpose

The Certification Generator is a PC-based command-line tool which creates a private/public key pair and issues certificate requests. The resultant private key is used to digitally sign installation files, enabling the install system to authenticate them. It carries out the following tasks:


See also

Package file format .pkg



Command line syntax


Create a private key and self signed certificate

makekeys -cert [-v] [-len key-length ] [-password password ] -dname distinguished-name-string private-key-file public-key-cert

For example:

makekeys -cert -dname "CN=Symbian OU=Development OR=Symbian Ltd CO=GB" mykey.key mycert.cer

Note:


Create a certificate request given a self-signed certificate.

makekeys -req [-v] [-password password] -dname distinguished-name-string private-key-file public-key-cert cert-request-file

For example:

makekeys -req -dname "CN=Symbian OU=Development OR=Symbian Ltd CO=GB" mykey.key mycert.cer myreq.p10

It is then up to the developer to send the certificate request to be signed by a trusted third party, i.e. a Certificate Authority. The CA uses various means to establish that the originator of the certificate request is who they claim to be. The developer’s public key is signed by the CA, using the CA’s private key, creating a certificate, which is then sent back to the applicant. The CA may return a single certificate, or a file containing a chain of certificates.

It is important that certificates returned by CAs are in the base64-encoded ASCII format. The Certification Generator generates base64-encoded certificate files and expects certificates which come back from a CA to be in the same format.

The CA may return a file containing a certificate chain. These are supported, and are needed if intermediate certificates are required between the CA’s root certificate on the EPOC device and the developer certificate.


View certificate details

makekeys -view public-key-cert

Displays details of a certificate or certificate chain file. The -view command should be used with an existing certificate file (which should be in base64-encoded format).

For example:

makekeys -view mycert.cer


Arguments

-cert

Create the private key (private-key-file) and self-signed certificate (public-key-cert). If the private key file already exists, it will be used to create the self-signed certificate.

-req

Create a certificate request.

-view

View certificate details.

-v

Verbose mode — displays additional diagnostic information.

-dname distinguished-name-string

The distinguished-name-string specifies the distinguished name parameters required for the self-signed public key certificate file. This command line option should be constructed as a string of whitespace-separated key/value pairs as follows:

  • CN=common name

  • OU=organisational unit

  • OR=organisation

  • LO=locality

  • ST=state

  • CO=country

  • EM=e-mail address

-password password

Password (optional). After creation, the password must be supplied to subsequently use the private key.

-len key-length

The key-length. The minimum is 512, maximum is 4096. The key length defaults to 1024.

private-key-file

The file containing the private key. The private key should be kept secret by the developer, whereas the public key is usually made generally available. Has a .key extension.

public-key-cert

A self-signed certificate containing the public key. Has a .cer extension.

cert-request-file

A self-contained file which is sent to the CA. The Certification Generator will create this file given a private and public key. It is then up to the developer to send the file to the CA and arrange for the application for the certificate. Has a .p10 extension.
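
A pre-flight check for the -dname and -len arguments described above, as an added example in Python that is not part of the Symbian tools or this library. It assumes that a new key/value pair begins at a two-capital-letter key followed by "=" (so a value such as "Symbian Ltd" may contain spaces); the function names parse_dname and cert_argv are hypothetical.

```python
import re

# Keys this page lists for -dname, and the -len bounds it states.
DNAME_KEYS = ("CN", "OU", "OR", "LO", "ST", "CO", "EM")
MIN_LEN, MAX_LEN = 512, 4096

# Assumption: a new pair starts at a two-capital-letter token followed by "=",
# either at the start of the string or directly after whitespace.
_PAIR_START = re.compile(r"(?:^|(?<=\s))([A-Z]{2})=")


def parse_dname(dname):
    """Split a -dname string into an ordered {key: value} dict."""
    starts = list(_PAIR_START.finditer(dname))
    if not starts or dname[:starts[0].start()].strip():
        raise ValueError("dname must begin with a KEY=value pair")
    fields = {}
    for i, m in enumerate(starts):
        key = m.group(1)
        end = starts[i + 1].start() if i + 1 < len(starts) else len(dname)
        value = dname[m.end():end].strip()  # a value may contain spaces
        if key not in DNAME_KEYS:
            raise ValueError(f"unknown dname key {key!r}")
        if key in fields:
            raise ValueError(f"duplicate dname key {key!r}")
        if not value:
            raise ValueError(f"empty value for {key!r}")
        fields[key] = value
    return fields


def cert_argv(dname, key_file, cert_file, key_length=None):
    """Validate inputs and build the argument list for `makekeys -cert`."""
    parse_dname(dname)
    argv = ["makekeys", "-cert"]
    if key_length is not None:
        if not MIN_LEN <= key_length <= MAX_LEN:
            raise ValueError(f"key length must be {MIN_LEN}..{MAX_LEN}")
        argv += ["-len", str(key_length)]
    # A list keeps the whole dname as one argument, with no shell quoting.
    return argv + ["-dname", dname, key_file, cert_file]


if __name__ == "__main__":
    # Constructed sample input: the -dname string from this page's example.
    sample = "CN=Symbian OU=Development OR=Symbian Ltd CO=GB"
    print(parse_dname(sample))
    print(cert_argv(sample, "mykey.key", "mycert.cer", key_length=2048))
```
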