I have some questions regarding the Signed MIDlet Suite with X.509 PKI:

1) Can I create a root certificate or a protected domain?
2) How does the signer associate a protected domain with a signed MIDlet during the signing procedure?
3) Does the signer have control over which protected domain or root certificate to use to sign a MIDlet suite?
4) Do I need a root certificate during the signing procedure?
5) If a device has more than one root certificate, how do I know which protected domain a signed MIDlet is associated with?

Any thoughts about those questions?
[ October 07, 2004: Message edited by: Alibabra Sanjie ]
Joined: Mar 07, 2002
1. You cannot. Only device manufacturers and operators can create those.
2. Use a certificate that is approved and trusted by the manufacturer or operator -- you probably need to pay for that.
3. You can use any valid certificate to sign, but it is typically placed in the "3rd party trusted" domain unless you have an agreement with the operator, etc.
4. You do not need a root cert.
5. You do not know. You need to pay the operator to get a trusted cert for you.
More questions:

1) Operators mean "CA - Certificate Authorization"?
2) Is the root certificate the same as the private key, or a different thing? When the signer generates a key pair, can the private key be used as the root certificate? If yes, how is the newly created root certificate - private key put into the devices?
3) If I develop a MIDlet suite and want to sign it, do I have to get the manufacturer involved? How about the concept of the "3rd party trusted" domain?
4) How do I obtain a certificate that is approved and trusted by the manufacturer or operator to sign a third party MIDlet suite? Is it inside the device, or do I have to request it from the manufacturer?
5) How does the root certificate verify - match the signer certificate in the certificate-path in the JAD? Does it follow the PKI - private key should match the public key?

[ October 07, 2004: Message edited by: Alibabra Sanjie ]
Joined: Mar 20, 2004
I am a bit confused too about the certification process. This is what I think should be done (please, please correct me if I am wrong):

1) I make a JAD and JAR.
2) I apply for a certificate from Verisign and provide them my details. Does anyone know the link? I couldn't find it on their website.
3) Then I will use this certificate to sign my JAR.

Steps 2 and 3 are fuzzy to me... can someone who has been through this please elaborate?
Everything that can go wrong will go wrong -Murphy
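On the certificate path in the JAD asked about above, an added example (not from any poster in this thread): a MIDP 2.0 signed JAD carries the signer's chain as `MIDlet-Certificate-<n>-<m>` attributes and the JAR signature as `MIDlet-Jar-RSA-SHA1`; the root certificate is not in the JAD and is expected to already be on the device. The sample JAD and its certificate bytes are constructed placeholders, and the function names are this example's own.

```python
import base64
import hashlib
import re

CERT_KEY = re.compile(r"^MIDlet-Certificate-(\d+)-(\d+)$")

def b64(data):
    return base64.b64encode(data).decode("ascii")

# Constructed sample JAD: the values are placeholder bytes, not real X.509
# certificates or a real RSA signature. Attributes are deliberately unordered.
SAMPLE_JAD = "\n".join([
    "MIDlet-Name: Demo",
    "MIDlet-Jar-URL: http://example.invalid/demo.jar",
    "MIDlet-Certificate-1-2: " + b64(b"intermediate-CA-placeholder"),
    "MIDlet-Certificate-1-1: " + b64(b"signer-A-placeholder"),
    "MIDlet-Certificate-2-1: " + b64(b"signer-B-placeholder"),
    "MIDlet-Jar-RSA-SHA1: " + b64(b"signature-placeholder"),
])

def parse_jad(text):
    """Split 'Name: value' lines on the first colon only (URLs contain colons)."""
    attrs = {}
    for line in text.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            attrs[name.strip()] = value.strip()
    return attrs

def certificate_paths(attrs):
    """Return {n: [certs ordered by m]}; m=1 is the signer's own certificate."""
    found = {}
    for name, value in attrs.items():
        match = CERT_KEY.match(name)
        if match:
            n, m = int(match.group(1)), int(match.group(2))
            found.setdefault(n, {})[m] = base64.b64decode(value, validate=True)
    paths = {}
    for n, certs in sorted(found.items()):
        if sorted(certs) != list(range(1, len(certs) + 1)):
            raise ValueError(f"certificate path {n} has a gap in its numbering")
        paths[n] = [certs[m] for m in sorted(certs)]
    return paths

def jar_signature(attrs):
    return base64.b64decode(attrs["MIDlet-Jar-RSA-SHA1"], validate=True)

def fingerprints(text):
    """SHA-1 fingerprint of every certificate, grouped by path number."""
    paths = certificate_paths(parse_jad(text))
    return {n: [hashlib.sha1(c).hexdigest() for c in chain] for n, chain in paths.items()}
```

With a real JAD, the last certificate of each path is the one whose issuer has to match a root held in one of the device's protection domains.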