I have some questions regarding the Signed MIDlet Suite with x.509 PKI?
1)Can I create a root certifcate or a protected domain? 2)How the signer associates a protected domain with a signed MIDlet during the signing procedure? 3)Does the signer has the control which the protected domain or root certificate to use to sign a MIDlet suite? 4)Do I need a root certificate during the signing procedure? 5)If a device has more than one root certificate, how do I know a signed MIDlet is associated which protected domain?
Any thoughts about those questions? [ October 07, 2004: Message edited by: Alibabra Sanjie ]
More questions: 1) Operators mean "CA - Certificate Authorization"? 2) Is it the root certificate the same as private key? or different thing. When the signer generate a key pair, the private key can be used as the root certificate? If yes, how the newly create root certificate - private key put into the devices 3) If I develop a MIDlet suite, and want to sign. Do I has to get manufacturer invloved? how about the concept of "3rd party trusted" domain? 4) How do I obtain a certificate that is approved and trusted by the manufacturer or operator to sign a third party MIDlet suite? Is it inside the device? or have to request from the manufacturer? 5) How the root certificate verify - match the signer certificate in the certificate-path in the JAD? Does it follow the PKI - privte key should match the public key? [ October 07, 2004: Message edited by: Alibabra Sanjie ]
I am a bit confused too about the certification process. This is what i think should be dont (Please Please correct me if I am wrong)
1) I make a Jad and Jar 2) I apply for a certificate to verisign and provide them my details. Does anyone know the link ?? i couldnt find it on their website 3) Then I will use this certificate to sign my JAR..
Step 2 and 3 are fuzzy to me... can some one who has been through this please elaborate
Everything that can go wrong will go wrong -Murphy