Signing Amid Let Suite; Signer Of Midlet Suites; Midlet Attributes Used In Signing Midlet Suites; Creating The Signing Certificate - Motorola E680 - Smartphone - GSM Developer's Manual

Signing a MIDlet Suite
The default security model involves the MIDlet suite, the signer, and public key
certificates. A set of root certificates are used to verify certificates generated by the signer.
Specially designed certificates for code signing can be obtained from the manufacturer,
operator, or certificate authority. Only root certificates stored on the handset will be
supported by the Motorola E680 handset.

Signer of MIDlet Suites

The signer of a MIDlet suite can be the developer or an outside party that is responsible
for distributing, supporting, or the billing of the MIDlet suite. The signer will have a public
key infrastructure and the certificate will be validated to one of the protection domain root
certificates on the handset. The public key is used to verify the signature of JAR on the
MIDlet suite, while the public key is provided as a x.509 certificate included in the
application descriptor (JAD).

MIDlet Attributes Used in Signing MIDlet Suites

Attributes defined within the manifest of the JAR are protected by the signature. Attributes
defined within the JAD are not protected or secured. Attributes that appear in the manifest
(JAR file) will not be overridden by a different value in the JAD for all trusted MIDlets. If a
MIDlet suite is to be trusted, the value in the JAD will equal the value of the corresponding
attribute in the manifest (JAR file), if not, the MIDlet suite will not be installed.
The attributes MIDlet-Permissions (-Opt) are ignored for unsigned MIDlet suites. The
untrusted domain policy is consistently applied to the untrusted applications. It is legal for
these attributes to exist only in JAD, only in the manifest, or in both locations. If these
attributes are in both the JAD and the manifest, they will be identical. If the permissions
requested in the JAD are different than those requested in the manifest, the installation
must be rejected.
Methods:
1. MIDlet.getAppProperty will return the attribute value from the manifest (JAR) if

Creating the Signing Certificate

The signer of the certificate will be made aware of the authorization policy for the handset
and contact the appropriate certificate authority. The signer can then send its
distinguished name (DN) and public key in the form of a certificate request to the
certificate authority used by the handset. The CA will create a x.509 (version 3) certificate
96
one id defined. If an attribute value is not defined, the attribute value will return
from the application descriptor (JAD) if present.