The Certification Generator

Symbian’s secure software installation system allows users, prior to installing software, to:

• identify the software vendor

• verify that installation file has not been tampered with since it was created

This functionality is particularly important within an environment in which there is easy access to a wide range of freely down-loadable software (i.e. which might be infected with viruses).

The Certificate Generator creates a public/private key pair. These are used by the Installation File Generator to create a digitally signed installation file. This process, and the way secure installation works, are discussed in the following sections.

This section gives an overview of public-key, or asymmetric, cryptography which is used in the installation of software components.

Public-key cryptography uses a pair of keys, one which is designated the private key and kept secret, the other with is called the public key and is made generally available.

Information encrypted using one key can only be decrypted using the other, and vice versa. The implication of this is that if a message can be decrypted using the public key, then it must have been sent from the owner of the private key. Similarly, messages encrypted using the public key can only be decrypted by the private key.

Public key cryptography can be used to create a digital signature. A ‘hash’ is calculated for some data — this is a small, fixed-length value generated by a function that has the property that different values for the data will result in different hash values. The hash is encrypted using a private key to create the digital signature. The signature is appended to the data along with a public key and sent to another user.

To verify the signature, the user decrypts the hash value using the public key provided, and also recalculates the hash value from the data. If the two hash values are the same then it can be assumed that the data received was sent by the person with access to the corresponding private key.

Digital signatures do not in themselves assure the authenticity of data, since they only ensure that the person sending the data has the private key corresponding to the public key used to check the signature.

It is still necessary to identify the owner of the public key, and this is the purpose of certificates.

A certificate is a public key together with some other information, collectively signed with some private key. The certificates used for secure software installation are ‘identity certificates’, in which the ‘other information’ is a name identifying the public key’s owner.

If the recipient of the message trusts the public key corresponding to the private key used to sign the certificate, then they can have some confidence that the public key in the certificate belongs to the individual named in the certificate.

Organisations called Certification Authorities (CAs) issue certificates: individuals can supply a public key and their name to these organisations, which verify the identity of the individual and sign their public key and name with the CA’s private key. As a result, anybody who trusts the CA’s public key can use it to verify signatures generated by that individual.

So, if the Symbian OS phone includes a certificate from a given CA, and this certificate is marked as being trusted for secure software installation, then a developer can generate a key pair, get the public key certified by that CA, then use the private part of their key pair to sign their program. The resulting installation file, consisting of the program, its signature and the developer’s certificate, may be distributed to end users. The process used to implement this scheme is discussed in “The Process” section below.

On the target phone, the secure software installation process first checks the signature on the installation file — using the public key in the developer’s certificate to ensure that the install package is signed by the developer’s private key. It then checks the signature on the developer’s certificate — using the CA’s public key from the CA’s certificate to ensure that the key pair really does belong to the person named in the certificate.

The Certification Generator creates a self signed certificate, which can be used for testing purposes. In this case a key pair is generated, then the public key and the developer’s name are signed with the private key. This can also be used to create an installation file, but since Symbian OS phones will not include a copy of the developer’s public key it will not be possible to authenticate the file.

Creating installation files using the Certificate Generator and Installation File Generator is relatively simple, and requires no knowledge of how public key cryptography and digital signatures work.

The following steps detail the process required to create a digitally signed installation file.

1. Run the Certificate generator to create a private key and a self signed certificate containing its corresponding public key.

2. Run the Certificate Generator to create a certificate request.

3. Submit the certificate request to a Certification Authority and receive an authenticated digital certificate.

4. Specify the private key and digital certificate in the Installation File Generator package file.

5. Run the Installation File Generator to create the authenticated installation file

How to create a secure digital certificate, How to create a private key and self signed certificate, How to digitally sign an installation file, Package signature