aspose file tools*
The moose likes Java Micro Edition and the fly likes Understanding Signed MIDlet Suite with x.509 PKI? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Mobile » Java Micro Edition
Bookmark "Understanding Signed MIDlet Suite with x.509 PKI?" Watch "Understanding Signed MIDlet Suite with x.509 PKI?" New topic
Author

Understanding Signed MIDlet Suite with x.509 PKI?

Alibabra Sanjie
Ranch Hand

Joined: Feb 09, 2004
Posts: 147
I have some questions regarding the Signed MIDlet Suite with x.509 PKI?

1)Can I create a root certifcate or a protected domain?
2)How the signer associates a protected domain with a signed MIDlet during the signing procedure?
3)Does the signer has the control which the protected domain or root certificate to use to sign a MIDlet suite?
4)Do I need a root certificate during the signing procedure?
5)If a device has more than one root certificate, how do I know a signed MIDlet is associated which protected domain?

Any thoughts about those questions?
[ October 07, 2004: Message edited by: Alibabra Sanjie ]

Alibabra
Michael Yuan
author
Ranch Hand

Joined: Mar 07, 2002
Posts: 1427
1. You cannot. Only device manufacturer and operators can create those.

2. Use a certificate that is approved and trusted by the manufacturer or operator -- you probably need to pay for that.

3. You can use any valid certificate to sign but it is typically placed in "3rd party trusted" domain unless you have agreement with the operator etc.

4. You do not need root cert.

5. You do not know. You need to pay the operator to get a trusted cert for you.


Seam Framework: http://www.amazon.com/exec/obidos/ASIN/0137129394/mobileenterpr-20/
Ringful: http://www.ringful.com/
Alibabra Sanjie
Ranch Hand

Joined: Feb 09, 2004
Posts: 147
Thanks Michael Yuan!

More questions:
1) Operators mean "CA - Certificate Authorization"?
2) Is it the root certificate the same as private key? or different thing. When the signer generate a key pair, the private key can be used as the root certificate? If yes, how the newly create root certificate - private key put into the devices
3) If I develop a MIDlet suite, and want to sign. Do I has to get manufacturer invloved? how about the concept of "3rd party trusted" domain?
4) How do I obtain a certificate that is approved and trusted by the manufacturer or operator to sign a third party MIDlet suite? Is it inside the device? or have to request from the manufacturer?
5) How the root certificate verify - match the signer certificate in the certificate-path in the JAD? Does it follow the PKI - privte key should match the public key?
[ October 07, 2004: Message edited by: Alibabra Sanjie ]
Punit Raizada
Ranch Hand

Joined: Mar 20, 2004
Posts: 156
Hi All,

I am a bit confused too about the certification process. This is what i think should be dont (Please Please correct me if I am wrong)

1) I make a Jad and Jar
2) I apply for a certificate to verisign and provide them my details. Does anyone know the link ?? i couldnt find it on their website
3) Then I will use this certificate to sign my JAR..

Step 2 and 3 are fuzzy to me... can some one who has been through this please elaborate

Regards


SCJP 1.4
Everything that can go wrong will go wrong -Murphy
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Understanding Signed MIDlet Suite with x.509 PKI?