Just An Application

July 24, 2009

What’s New In MIDP 3.0 ? Part 43: Multiply Signed MIDlet Suites

Filed under: Java, JME, MIDletSuite, MIDP, MIDP Security, MIDP3 — Simon Lewis @ 4:30 pm

A MIDlet Suite may be signed using multiple distinct private keys.

This makes it possible both

  • for the same entity to sign a MIDlet Suite multiple times, and

  • for different entities to sign the same MIDlet Suite

The first case means it is possible for a MIDlet Suite developer to obtain signing certificates from different sources, for example, network operators, and then sign a MIDlet Suite using the private key associated with each issued signing certificate. This in turn makes it possible to use the same signed MIDlet Suite on different operator networks, rather than having to re-package the MIDlet Suite for each network.

The second case makes it possible for a MIDlet Suite developer to sign a MIDlet Suite once, or multiple times as above, and then submit it to a third party responsible for auditing or verifying its behaviour, who can then sign it themselves.

The MIDlet-Jar-RSA-SHA1-<n> Attribute

A signature of a MIDlet Suite is specified using the

    MIDlet-Jar-RSA-SHA1-<n>

attribute.

The value of the attribute should be the Base-64 encoded signature of the MIDlet Suite JAR.

The canonical rules for ordinal based attributes apply. The first ordinal must be one (1). Any attribute after the first gap in the sequence is ignored.

For each signature there should be an associated certificate chain specified using one or more

    MIDlet-Certificate-<n>-<m>

attributes with the value of n in the certificate chain attributes corresponding to the value of n in the signature attribute.

The number of certificate chains must equal the number of signatures or the installation of the MIDlet Suite will fail.

Multiply Signing MIDP 2.x MIDlet Suites

Existing MIDP 2.x MIDlet Suites can also be multiply signed. If the

    Microedition-Profile

attribute specifies either

  • MIDP-2.0, or

  • MIDP-2.1

then MIDlet-Jar-RSA-SHA1-<n> attributes take precedence over the MIDlet-Jar-RSA-SHA1 attribute. If only the latter attribute is present then it is processed using the legacy MIDP 2.x authentication and verification algorithm.
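The ordinal and chain-count rules for MIDlet-Jar-RSA-SHA1-<n>, together with the MIDP 2.x precedence rule above, sketched as a descriptor check. This is an added example, not code from the original post or from any MIDP implementation: the function names and the sample descriptor are constructed, and it assumes that the first-gap rule also applies to the n and m ordinals of the certificate attributes and that a chain counts only if it holds at least one certificate. It performs no cryptographic verification.

```python
import re

SIG = re.compile(r"MIDlet-Jar-RSA-SHA1-(\d+)")
CERT = re.compile(r"MIDlet-Certificate-(\d+)-(\d+)")
# Constructed sample descriptor (placeholder Base-64 values, not real signatures).
SAMPLE_JAD = """\
Microedition-Profile: MIDP-2.1
MIDlet-Jar-RSA-SHA1: bGVnYWN5
MIDlet-Jar-RSA-SHA1-1: c2lnMQ==
MIDlet-Jar-RSA-SHA1-2: c2lnMg==
MIDlet-Jar-RSA-SHA1-4: c2lnNA==
MIDlet-Certificate-1-1: Y2VydDEx
MIDlet-Certificate-1-2: Y2VydDEy
MIDlet-Certificate-2-1: Y2VydDIx
"""

def parse_jad(text):
    """Split 'Name: value' descriptor lines into a dict."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def contiguous(by_ordinal):
    """Values for ordinals 1, 2, ... up to the first gap; the rest is ignored."""
    out, n = [], 1
    while n in by_ordinal:
        out.append(by_ordinal[n])
        n += 1
    return out

def signing_plan(attrs):
    """Return (mode, [(signature, [cert, ...]), ...]); ValueError = install fails."""
    sigs, chains = {}, {}
    for name, value in attrs.items():
        if m := SIG.fullmatch(name):
            sigs[int(m.group(1))] = value
        elif m := CERT.fullmatch(name):
            chains.setdefault(int(m.group(1)), {})[int(m.group(2))] = value
    sig_list = contiguous(sigs)
    if not sig_list:
        # No usable numbered signature: only the legacy attribute can apply.
        return ("legacy" if "MIDlet-Jar-RSA-SHA1" in attrs else "unsigned", [])
    # Assumption: chains are counted with the same first-gap rule as signatures.
    usable = {n: c for n, ms in chains.items() if (c := contiguous(ms))}
    chain_list = contiguous(usable)
    if len(chain_list) != len(sig_list):
        raise ValueError(f"{len(sig_list)} signatures, {len(chain_list)} chains")
    return ("multi", list(zip(sig_list, chain_list)))

if __name__ == "__main__":
    print(signing_plan(parse_jad(SAMPLE_JAD)))
```

In the sample, signature 4 sits after the gap at 3 and is ignored, and the unnumbered legacy attribute is not used because numbered signatures are present.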


Copyright (c) 2009 By Simon Lewis. All Rights Reserved
