Symbian Developer Library

SYMBIAN OS V9.1




How to digitally sign an installation file

A digital signature can be used to verify the identity of the sender of an installation file, and to verify that the file hasn't been tampered with since it was signed. Digitally signing an installation file requires a private key and a public key certificate, which must previously have been created using the Certificate Generator. The process is:

  1. Create a private key and a self-signed certificate using the Certificate Generator. If verification of the sender's identity is not important, then skip to step 4.

  2. Create a certificate request using the Certificate Generator, specifying the private key and self-signed certificate created in step 1.

  3. Send the certificate request to the Certificate Authority, and get back the authenticated digital certificate.

  4. Create a text file with extension .pkg.

  5. Specify the supported languages and the package header. These are discussed in "How to create a simple installation file" and "How to create an installation file for a multilingual application".

  6. Specify the private key used to create the digital signature, and the public key certificate used to verify it. For secure installation this should be an authenticated digital certificate, although the self-signed certificate may be used. Prefix the line with an asterisk. Alternatively, these files can be given as command-line arguments to SignSIS, the Installation File Signer.

  7. Specify the source and target destinations for any files to be installed.

  8. Invoke the Installation File Generator on the package file.

  9. Sign the installation file using the Installation File Signer.




Example

The package file for an installation with a digital signature is provided in examples\ToolsAndUtilities\Install\HelloWorldSecure.pkg

A listing of the file is given below:

#{"Minimal application"},(0x10004299),1,0,0,TYPE=SISAPP

*"HelloWorld.key","HelloWorld.cer"

"HelloWorld.exe"-"!:\sys\bin\HelloWorld.exe"
"HelloWorld_reg.rsc"-"!:\private\10003a3f\import\apps\HelloWorld_reg.rsc"
"HelloWorld.rsc"-"!:\resource\apps\HelloWorld.rsc"

The package file installs exactly the same application as described in "How to create a simple installation file". Consequently, the package header and the final lines, in which the application files are installed, are the same as for the simple installation.

The second line specifies the private key used to create the installation file’s digital signature, and the certificate to verify it. This certificate, which may be self-signed or from a CA, is also copied into the installation file.
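A check that can be run on a package file before invoking makesis, given here as an added example that is not part of the Symbian tools or the original page: it extracts the signature line and flags a package in which the private key would also be shipped as an installed file. The function names are hypothetical, and the parser assumes only the line forms shown in the listing above plus ";" comment lines.

```python
import re

# Constructed sample: the HelloWorldSecure.pkg listing shown on this page.
SAMPLE_PKG = r'''#{"Minimal application"},(0x10004299),1,0,0,TYPE=SISAPP

*"HelloWorld.key","HelloWorld.cer"

"HelloWorld.exe"-"!:\sys\bin\HelloWorld.exe"
"HelloWorld_reg.rsc"-"!:\private\10003a3f\import\apps\HelloWorld_reg.rsc"
"HelloWorld.rsc"-"!:\resource\apps\HelloWorld.rsc"
'''

SIG_LINE = re.compile(r'^\*\s*"([^"]+)"\s*,\s*"([^"]+)"')   # *"key","cert"
FILE_LINE = re.compile(r'^"([^"]+)"\s*-\s*"([^"]+)"')       # "source"-"target"

def parse_pkg(text):
    """Return (signatures, files) as [(key, cert)] and [(source, target)]."""
    signatures, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment (assumed form)
            continue
        m = SIG_LINE.match(line)
        if m:
            signatures.append(m.groups())
            continue
        m = FILE_LINE.match(line)
        if m:
            files.append(m.groups())
    return signatures, files

def check_signing(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    signatures, files = parse_pkg(text)
    findings = []
    if not signatures:
        findings.append("no signature line: key and certificate must be passed to signsis")
    sources = {src.lower() for src, _ in files}
    for key, cert in signatures:
        if key.lower() in sources:
            findings.append(f"private key {key} is also listed as an installed file")
        if key.lower() == cert.lower():
            findings.append(f"key and certificate both point at {key}")
    return findings

if __name__ == "__main__":
    print(check_signing(SAMPLE_PKG) or "OK")
```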

To create the installation file HelloWorldSecure.sis, invoke the Installation File Generator on the package file:

makesis HelloWorldSecure.pkg

To sign the installation file, invoke the Installation File Signer on HelloWorldSecure.sis:

signsis HelloWorldSecure.sis



Notes