makekeys.exe
The Certification Generator is a PC based command line tool which creates a private/public key pair and issues certificate requests. The resultant private key is used to digitally sign installation files, enabling the install system to authenticate them. It carries out the following tasks:
Creation of a private/public key pair, where the public key is in the form of a self signed certificate.
Construction of a certificate request.
Optional viewing of certificate details.
makekeys -cert [-v] [-len
key-length
] [-password
password
] -dname
distinguished-name-string private-key-file public-key-cert
For example:
makekeys -cert -dname "CN=Symbian OU=Development OR=Symbian Ltd CO=GB" mykey.key mycert.cer
The Certification Generator uses a mouse input mechanism to generate the private key. The MSDOS
property QuickEdit
must be turned off in order for sampling of random data from the mouse to work.
makekeys – req [-v][-password
password
]
-dname
distinguished-name-string private-key-file public-key-cert
cert-request-file
For example:
–makekeys req -dname "CN=Symbian OU=Development OR=Symbian Ltd CO=GB" mykey.key mycert.cer myreq.p10
It is then up to the developer to send the certificate request to be signed by a trusted third party, i.e. a Certificate Authority. The CA uses various means to establish that the originator of the certificate request is who they claim to be. The developer’s public key is signed by the CA, using the CA’s private key, creating a certificate, which is then sent back to the applicant. The CA may return a single certificate, or a file containing a chain of certificates.
It is important that certificates returned by CA's are in the base64 encoded ASCII format. The Certification Generator generates base 64 encoded certificate files and expects certificates which come back from a CA to be in the same format.
The CA may return a file containing a certificate chain. These are supported, and are needed if intermediate certificates are required between the CA’s root certificate on the EPOC device and the developer certificate.
makekeys – view
public-key-cert
Displays details of a certificate or certificate chain file. The -view
command should be used with an existing certificate file (which should be in base 64 encoded format).
For example:
makekeys – view mycert.cer
|