• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Midlet Signing..

 
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi..

I have come across a need to move the MIDP application from the untrusted domain to trusted domain..

I have some mixed understanding about the whole process..

Can someone provide me an overall view of the process..

And what is Java Verification Process... and the role in the Signing of the the MIDLet...


Thanks in advance

Theepan...
 
Ranch Hand
Posts: 85
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To answer you question,Maybe need thousands words.
Look these articles may be help for you:
http://java.sun.com/j2me/docs/wtk2.2/docs/UserGuide-html/security.html
http://blog.javia.org/?p=42
http://java.sun.com/products/sjwtoolkit/wtk2.5.1/docs/UserGuide-html/security.html
 
Ranch Hand
Posts: 156
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The articles posted in the above reply do provide some detailed information about the certification process.

As a developer, I would like to add a few quikies:

1) There is no magic bullet certificate that is going to place your application in the trusted domain on all the handsets. Know what devices you are aiming for.

2) When possible, go with the Carrier certificate. This is guaranteed to work on their phones atleast.

3) Java verified program is a good initiative and has all my support but the Geotrust cert they attach does not really have value in terms of placing your application in the trusted domain on the devices ( as of 2007). Their device range is bound to increase with time. I would advice to go through the process early on so that your application is tested through their criteria. BUT dont count only on the Geotrust cert they place in your JAD.

That was just my 2 cents.
 
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Greetings to you all!!

I've read all the articles that Shoumin posted and I was very disturbed by what I've learned from them. Signing is necessary ofcourse, but transforming this need into a money making machine is just a shame! Especially for Sun( I expected something like that from the manufacturers!!).

Well I have two quick questions:
1)I've read some posts in other forums that it is possible to hack some phones so that they trust every application, and never ask permission. Is this a fact or a myth? In my project I need to use a Nokia n95 phone, owned by a relative, and my midlet's only being developed especially for that phone. If I could hack it that would suit me better than paying 240$ to Java verified...

2)If you download somehow a trusted midlet, is the key contained in the jar or the jad file?

Thank you in advance!!
 
reply
    Bookmark Topic Watch Topic
  • New Topic