Groups > Symbian > Symbian SDKs > Re: [S60_3rd] A question about Symbian Signed




[S60_3rd] A question about Symbian Signed

[S60_3rd] A question about Symbian Signed
Wed, 12 Jul 2006 10:57:04 +080 
Hi,
  I have a question about Symbian Signed. To be signed is required or
optional for user application?
From the documentation, it seems I can use self-signed facility to sign my
app. However, someone else tells me it's required by nokia device.
  I have an application which requires strong encryption API. I know I have
to acquire Symbian DevKit
if I want to use strong encryption API. Suppose I can get Symbian Devkit, is
there any other problems to use it? Do I need to get symbian signed if I use
strong encryption API?
  Thank you very much!
  Catherine
Post Reply
Re: [S60_3rd] A question about Symbian Signed
Thu, 13 Jul 2006 10:58:32 +010 
Whether your application requires signing depends on the capabilities (i.e.
APIs) you use:
- if the app uses no capabilities, it doesn't need to be signed.
- if the app uses only the basic capabilities, it doesn't need to be signed
  but the user will need to authorise it when the app is installed.
- if the app uses any other capabilities, it will need to be signed.

It's possible that Nokia have chosen to insist that all apps (regardless of
the conditions above) must be signed - you'll need to check their website.

As your application requires strong encryption, it sounds like it will be
complex enough to require signing. You'll need to check the documentation
for the APIs that you use to see what capabilities they require, and hence
determine what level of signing is required.

Mark
Symbian Developer Network


P.S. You may find it more appropriate to post this type of query in the
discussion.symbian.signed newsgroup.


"Catherine" <watermark_wuyan@hotmail.com> wrote in message
news:hBXOR8VpGHA.4680@UKCOL01WWEB01.symbian.intra...
> Hi,
>   I have a question about Symbian Signed. To be signed is required or
> optional for user application?
> From the documentation, it seems I can use self-signed facility to sign my
> app. However, someone else tells me it's required by nokia device.
>   I have an application which requires strong encryption API. I know I
have
> to acquire Symbian DevKit
> if I want to use strong encryption API. Suppose I can get Symbian Devkit,
is
> there any other problems to use it? Do I need to get symbian signed if I
use
> strong encryption API?
>   Thank you very much!
>   Catherine
>
>
Post Reply
Re: [S60_3rd] A question about Symbian Signed
Thu, 13 Jul 2006 16:26:58 +100 
Test
"Catherine" <watermark_wuyan@hotmail.com> wrote in message 
news:hBXOR8VpGHA.4680@UKCOL01WWEB01.symbian.intra...
> Hi,
>  I have a question about Symbian Signed. To be signed is required or
> optional for user application?
> From the documentation, it seems I can use self-signed facility to sign my
> app. However, someone else tells me it's required by nokia device.
>  I have an application which requires strong encryption API. I know I have
> to acquire Symbian DevKit
> if I want to use strong encryption API. Suppose I can get Symbian Devkit, 
> is
> there any other problems to use it? Do I need to get symbian signed if I 
> use
> strong encryption API?
>  Thank you very much!
>  Catherine
>
>
Post Reply
Re: [S60_3rd] A question about Symbian Signed
Thu, 13 Jul 2006 22:29:31 +030 
To help clear out the confusion: signed is used below in the sense of 
certified, quality controlled (i.e. Symbian Signed) while any S60 3rd 
Edition application needs to be signed (as in authenticated) in order to 
be installed. In the later case a self-generated certificate will do the 
trick ...

Mark Shackman wrote:
> Whether your application requires signing depends on the capabilities
(i.e.
> APIs) you use:
> - if the app uses no capabilities, it doesn't need to be signed.
> - if the app uses only the basic capabilities, it doesn't need to be
signed
>   but the user will need to authorise it when the app is installed.
> - if the app uses any other capabilities, it will need to be signed.
> 
> It's possible that Nokia have chosen to insist that all apps (regardless
of
> the conditions above) must be signed - you'll need to check their website.
> 
> As your application requires strong encryption, it sounds like it will be
> complex enough to require signing. You'll need to check the documentation
> for the APIs that you use to see what capabilities they require, and hence
> determine what level of signing is required.
> 
> Mark
> Symbian Developer Network
> 
> 
> P.S. You may find it more appropriate to post this type of query in the
> discussion.symbian.signed newsgroup.
> 
> 
> "Catherine" <watermark_wuyan@hotmail.com> wrote in message
> news:hBXOR8VpGHA.4680@UKCOL01WWEB01.symbian.intra...
>> Hi,
>>   I have a question about Symbian Signed. To be signed is required or
>> optional for user application?
>> From the documentation, it seems I can use self-signed facility to sign
my
>> app. However, someone else tells me it's required by nokia device.
>>   I have an application which requires strong encryption API. I know I
> have
>> to acquire Symbian DevKit
>> if I want to use strong encryption API. Suppose I can get Symbian
Devkit,
> is
>> there any other problems to use it? Do I need to get symbian signed if
I
> use
>> strong encryption API?
>>   Thank you very much!
>>   Catherine
>>
>>
> 
>
Post Reply
Re: [S60_3rd] A question about Symbian Signed
Fri, 14 Jul 2006 11:02:35 +010 
[Hamish W has checked this out further and responds:]

A quick review of the documentation for crypto shows that the APIs are not
controlled through the use of any capabilities. While absence of capability
information in the documentation is not a canonical indication that no
capability is required, this does make sense to me - there isn't any real
security risk in making use of these.

The canonical way to check is to use the APIs you want with platform
security
diagnostics enabled (go to Symbian FAQ and search on diagnostics) and review
the log.

Regards
H


"Mark Shackman" <-> wrote in message
news:k%23UskMmpGHA.5360@UKCOL01WWEB01.symbian.intra...
> Whether your application requires signing depends on the capabilities
(i.e.
> APIs) you use:
> - if the app uses no capabilities, it doesn't need to be signed.
> - if the app uses only the basic capabilities, it doesn't need to be
signed
>   but the user will need to authorise it when the app is installed.
> - if the app uses any other capabilities, it will need to be signed.
>
> It's possible that Nokia have chosen to insist that all apps (regardless
of
> the conditions above) must be signed - you'll need to check their website.
>
> As your application requires strong encryption, it sounds like it will be
> complex enough to require signing. You'll need to check the documentation
> for the APIs that you use to see what capabilities they require, and hence
> determine what level of signing is required.
>
> Mark
> Symbian Developer Network
>
>
> P.S. You may find it more appropriate to post this type of query in the
> discussion.symbian.signed newsgroup.
>
>
> "Catherine" <watermark_wuyan@hotmail.com> wrote in message
> news:hBXOR8VpGHA.4680@UKCOL01WWEB01.symbian.intra...
> > Hi,
> >   I have a question about Symbian Signed. To be signed is required or
> > optional for user application?
> > From the documentation, it seems I can use self-signed facility to
sign
my
> > app. However, someone else tells me it's required by nokia device.
> >   I have an application which requires strong encryption API. I know
I
> have
> > to acquire Symbian DevKit
> > if I want to use strong encryption API. Suppose I can get Symbian
Devkit,
> is
> > there any other problems to use it? Do I need to get symbian signed if
I
> use
> > strong encryption API?
> >   Thank you very much!
> >   Catherine
> >
> >
>
>
>
Post Reply
about | contact