![[Index]](../../../_stock/btn_index_wt.gif){kind=small}
![[Spacer]](../../../_stock/btn_spacer.gif){kind=small}
![[Previous]](../../../_stock/btn_prev_wt.gif){kind=small}
![[Next]](../../../_stock/btn_next_wt.gif){kind=small}
|
|
| |
|
|
||
MakeKeys - Certification Generator syntax
The Certification Generator, MakeKeys.exe, is a PC based
command line tool which creates a private/public key pair and issues
certificate requests. The resultant private key is used to digitally sign
installation files, enabling the install system to authenticate them. It
carries out the following tasks:
Create a private key and self signed certificate (i.e. a private/public key pair, where the public key is in the form of a self signed certificate)
Create a certificate request given a self-signed certificate
View certificate details (optional).
|
The following diagram shows the PC based tool
(MakeKeys.exe) which is used to generate a public/private key
pair, certificate requests and certificates. The resultant private key is used
when digitally signing an install package and the certificates are added to the
install package to enable the install system to authenticate the digital
signature.
|
makekeys -cert [-v] [-password <password>] [-len <key-length>] -dname <distinguised-name-string> <private-key-file> <public-key-cert>
For example:
makekeys -cert -password yourpassword -len 2048 -dname "CN=Joe Bloggs OU=Development OR=Symbian Software Ltd CO=GB EM=joe.bloggs@Symbian.com" mykey.key mycert.cer
Arguments table below
If the private-key-file does not exist it will be created
The Certification Generator uses a mouse input mechanism to
generate the private key. The MSDOS property
QuickEdit must be turned off in order for sampling of random
data from the mouse to work.
makekeys -req [-v] [-password <password>] -dname <distinguised-name-string> <private-key-file> <public-key-cert> <cert-request-file>
For example:
makekeys -req -password yourpassword -dname "CN=Joe Bloggs OU=Development OR=Symbian Software Ltd CO=GB EM=Joe.Bloggs@Symbian.com" mykey.key mycert.cer myreq.p10
It is then up to the developer to send the certificate request to be signed by a trusted third party, i.e. a Certificate Authority (CA). The CA uses various means to establish that the originator of the certificate request is who they claim to be. The developer’s public key is signed by the CA, using the CA’s private key, creating a certificate, which is then sent back to the applicant. The CA may return a single certificate, or a file containing a chain of certificates.
It is important that certificates returned by CAs are in the base64 encoded ASCII format. The Certification Generator generates base64 encoded certificate files and expects certificates that come back from a CA to be in the same format.
The CA may return a file containing a certificate chain. These are supported, and are needed if intermediate certificates are required between the CA’s root certificate on the Symbian OS phone and the developer certificate.
Arguments table below
makekeys -view <public-key-cert>
Displays details of a certificate or certificate chain file. The
-view command should be used with an existing certificate file
(which should be in base 64 encoded format).
For example:
makekeys -view mycert.cer
Arguments table below
|
|
|
Copyright ©2006 Symbian Software Ltd. |
|
![[Top]](../../../_stock/arrow_up_2.gif){kind=icon}
![[Previous]](../../../_stock/btn_prev.gif){kind=small}
![[Top]](../../../_stock/btn_top.gif)
![[Next]](../../../_stock/btn_next.gif){kind=small}