A digital signature can be used to verify the identity of the sender of an installation file, and to verify that the file hasn’t been tampered with since it was signed. Digitally signing an installation file requires a private key and a public key certificate, which must already have been created using the Certificate Generator. The process is:
1. Create a private key and a self-signed certificate using the Certificate Generator (see the appropriate “How to” topic). If verification of the sender’s identity is not important, then skip to step 4.
2. Create a certificate request using the Certificate Generator, specifying the private key and self-signed certificate created in step 1 (see the appropriate “How to” topic).
3. Send the certificate request to the Certificate Authority, and get back the authenticated digital certificate.
4. Create a text file with the extension .pkg.
5. Specify the supported languages and the package header. These are discussed in the “How to” topics for a simple installation and for installing a multilingual application.
6. Specify the private key used to create the digital signature, and the public key certificate to be used to verify it. For secure installation this should be an authenticated digital certificate; however, the self-signed certificate may be used. Prefix the line with an asterisk.
7. Specify the source and target destinations for any files to be installed.
8. Invoke the Installation File Generator on the package file.
See also: How to create a private key and self-signed certificate, How to create a secure digital certificate, How to create a simple installation file, How to create an installation file for a multilingual application, Package signature.
The package file for an installation with a digital signature is provided in epoc32ex\ToolsAndUtilities\HelloWorldSecure.pkg. A listing of the file is given below:
#{"Minimal application"},(0x10004299),1,0,0,TYPE=SISAPP
*"HelloWorld.key","HelloWorld.cer"
"HelloWorld.app"-"!:\system\apps\HelloWorld\HelloWorld.app"
"HelloWorld.rsc"-"!:\system\apps\HelloWorld\HelloWorld.rsc"
The package file installs exactly the same application as described in the “How to” for a simple installation. Consequently the package header, and the final lines in which the application files are installed are the same as for the simple installation.
The second line specifies the private key used to create the installation file’s digital signature, and the certificate to verify it. This certificate, which may be self-signed or from a CA, is also copied into the installation file.
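A pre-build check on the signature line described above, as an added example that is not part of the original documentation or of the installation tools: it parses the line shapes shown in the listing and flags a package that has no signature line, or that lists its private key among the files to be installed. The function name check_pkg and the checks themselves are assumptions of this example; lines in any other shape are ignored.

```python
import re

# Line shapes as they appear in the HelloWorldSecure.pkg listing on this page.
HEADER = re.compile(r'^#\{.*\},\((0x[0-9A-Fa-f]+)\),\d+,\d+,\d+')
SIGNATURE = re.compile(r'^\*"([^"]+)","([^"]+)"$')
INSTALL = re.compile(r'^"([^"]+)"-"([^"]+)"$')

# The listing from this page, embedded so the check runs offline.
HELLO_WORLD_SECURE = r'''#{"Minimal application"},(0x10004299),1,0,0,TYPE=SISAPP
*"HelloWorld.key","HelloWorld.cer"
"HelloWorld.app"-"!:\system\apps\HelloWorld\HelloWorld.app"
"HelloWorld.rsc"-"!:\system\apps\HelloWorld\HelloWorld.rsc"
'''


def check_pkg(text):
    """Parse package-file text and return (info, problems)."""
    info = {"uid": None, "signatures": [], "files": []}
    problems = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := HEADER.match(line):
            info["uid"] = m.group(1)
        elif m := SIGNATURE.match(line):
            info["signatures"].append((m.group(1), m.group(2)))
        elif m := INSTALL.match(line):
            info["files"].append((m.group(1), m.group(2)))
        elif line.startswith("*"):
            problems.append(f"line {number}: malformed signature line")
        # Lines in any other shape are outside the scope of this check.
    if info["uid"] is None:
        problems.append("no package header found")
    if not info["signatures"]:
        problems.append("no signature line: the package is not signed")
    for key, cert in info["signatures"]:
        if key.lower() == cert.lower():
            problems.append(f"key and certificate are the same file: {key}")
        for src, dst in info["files"]:
            # The private key must stay on the build machine, never in the package.
            if src.lower() == key.lower():
                problems.append(f"private key {key} is listed for installation to {dst}")
    return info, problems


if __name__ == "__main__":
    info, problems = check_pkg(HELLO_WORLD_SECURE)
    print(info["signatures"], problems or "no problems found")
```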
To create the installation file HelloWorldSecure.sis, invoke the Installation File Generator on the package file:
makesis HelloWorldSecure.pkg
There are a number of concepts in the file which are explained in the “How To” for a simple installation (e.g. UID, Build number, comments). See this topic for more information.