MakeKeys - the certification generator
Symbian's secure software installation system allows users, prior to installing software, to:
- identify the software vendor
- verify that the installation file has not been tampered with since it was created.
These checks are particularly important within an environment in which there is easy access to a wide range of downloadable software.
MakeKeys creates a public/private key pair. These are used by the installation file signer (SignSIS) to digitally sign an installation file. This process, and the way secure installation works, are discussed in the following sections.
This section gives an overview of public-key, or asymmetric, cryptography which is used in the installation of software components.
Public-key cryptography uses a pair of keys: one that is designated the private key and kept secret, the other that is called the public key and is made generally available.
Information encrypted using one key can only be decrypted using the other, and vice versa. The implication of this is that if a message can be decrypted using the public key, then it must have been sent from the owner of the private key. Similarly, messages encrypted using the public key can only be decrypted by the private key.
Public key cryptography can be used to create a digital signature. A hash is calculated for some data; this is a small, fixed-length value generated by a function with the property that different data results in different hash values. The hash is encrypted using a private key to create the digital signature. The signature is appended to the data along with a public key and sent to another user.
To verify the signature, the user decrypts the hash value using the public key provided, and also recalculates the hash value from the data. If the two hash values are the same then it can be assumed that the data received was sent by the person with access to the corresponding private key.
Digital signatures do not in themselves assure the authenticity of data, since they only ensure that the person sending the data has the private key corresponding to the public key used to check the signature.
It is still necessary to identify the owner of the public key, and this is the purpose of certificates.
A certificate is a public key together with some other information, collectively signed with some private key. The certificates used for secure software installation are identity certificates, in which the other information is a name identifying the public key's owner.
If the recipient of the message trusts the public key corresponding to the private key used to sign the certificate, then they can have some confidence that the public key in the certificate belongs to the individual named in the certificate.
Organisations called Certification Authorities (CAs) issue certificates: individuals can supply a public key and their name to these organisations, which verify the identity of the individual and sign their public key and name with the CA's private key. As a result, anybody who trusts the CA's public key can use it to verify signatures generated by that individual.
So, if the Symbian OS phone includes a certificate from a given CA, and this certificate is marked as being trusted for secure software installation, then a developer can generate a key pair, get the public key certified by that CA, then use the private part of their key pair to sign their program. The resulting installation file, consisting of the program, its signature and the developer's certificate, may be distributed to end users. The process used to implement this scheme is discussed in The Process section below.
On the phone, the secure software installation process first checks the signature on the installation file, using the public key in the developer's certificate, to ensure that the install package is signed by the developer's private key. It then checks the signature on the developer's certificate, using the CA's public key from the CA's certificate, to ensure that the key pair really does belong to the person named in the certificate.
The Certification Generator creates a self-signed certificate, which can be used for testing purposes. In this case a key pair is generated, then the public key and the developer's name are signed with the private key. This can also be used to create an installation file, but since Symbian OS phones will not include a copy of the developer's public key it will not be possible to authenticate the file.
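The scheme described above, worked through end to end as an added example: this is not code from the original documentation and not the code of MakeKeys or SignSIS. It uses textbook RSA without padding (an assumption made purely so that "encrypt the hash with the private key, decrypt it with the public key" is visible in the arithmetic; the real tools use standard key and certificate formats), and the names "Example CA" and "Example Developer", the program bytes and the certificate encoding are all constructed. check_install_file performs the two phone-side checks in the order given above, and the self-signed case shows why such a file cannot be authenticated when the phone does not trust the developer's own key.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Textbook RSA (no padding) over Miller-Rabin prime generation. Constructed only to
# show the mechanics; unpadded RSA must never be used for real signatures.
_SMALL_PRIMES = [p for p in range(3, 1000, 2)
                 if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]

def is_probable_prime(n, rounds=16):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 4:
        return n in (2, 3)
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(candidate):
            return candidate

@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int

@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int

def make_keys(bits=512):
    """Generate a key pair, the job MakeKeys does (here: textbook RSA)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return PrivateKey(p * q, pow(e, -1, phi)), PublicKey(p * q, e)

def _hash_int(data):
    # SHA-256 digest as an integer; it is below 2**256 and so below the 512-bit modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    """Hash the data, then 'encrypt' the hash with the private key: the signature."""
    return pow(_hash_int(data), priv.d, priv.n)

def verify(pub, data, signature):
    """'Decrypt' the signature with the public key and compare with a fresh hash."""
    return pow(signature, pub.e, pub.n) == _hash_int(data)

@dataclass(frozen=True)
class Certificate:
    subject: str           # name identifying the public key's owner
    public_key: PublicKey
    issuer: str            # name of the CA whose private key signed the certificate
    signature: int

def cert_body(subject, issuer, pub):
    """Constructed encoding of the signed part of a certificate (name + public key)."""
    return f"{subject}|{issuer}|{pub.n}|{pub.e}".encode()

def issue_certificate(issuer, issuer_priv, subject, subject_pub):
    return Certificate(subject, subject_pub, issuer,
                       sign(issuer_priv, cert_body(subject, issuer, subject_pub)))

@dataclass(frozen=True)
class InstallFile:
    program: bytes
    signature: int
    developer_cert: Certificate

def check_install_file(f, trusted_cas):
    """Phone-side checks. trusted_cas maps CA name -> public key from its trusted cert."""
    cert = f.developer_cert
    # 1. signature on the file, checked with the public key in the developer's certificate
    if not verify(cert.public_key, f.program, f.signature):
        return False, "installation file does not match its signature"
    # 2. signature on the developer's certificate, checked with the trusted CA's public key
    ca_pub = trusted_cas.get(cert.issuer)
    if ca_pub is None:
        return False, f"certificate issuer '{cert.issuer}' is not trusted on this phone"
    if not verify(ca_pub, cert_body(cert.subject, cert.issuer, cert.public_key), cert.signature):
        return False, "developer certificate was not signed by the named CA"
    return True, f"signed by '{cert.subject}', certified by '{cert.issuer}'"

def demo():
    """Constructed scenario: one trusted CA, one developer, three installation files."""
    ca_priv, ca_pub = make_keys()
    dev_priv, dev_pub = make_keys()
    trusted_cas = {"Example CA": ca_pub}  # what the phone ships with
    dev_cert = issue_certificate("Example CA", ca_priv, "Example Developer", dev_pub)
    program = b"constructed program bytes"
    genuine = InstallFile(program, sign(dev_priv, program), dev_cert)
    tampered = InstallFile(program + b"!", genuine.signature, dev_cert)
    self_cert = issue_certificate("Example Developer", dev_priv, "Example Developer", dev_pub)
    self_signed = InstallFile(program, genuine.signature, self_cert)
    return {name: check_install_file(f, trusted_cas) for name, f in
            (("genuine", genuine), ("tampered", tampered), ("self_signed", self_signed))}

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:12} {'accepted' if ok else 'rejected'}: {reason}")
```

The order of the two checks matters less than the fact that both run: the first check alone only proves the file was signed by whoever holds the private key matching the certificate, and it is the second check, against a CA key already on the phone, that ties that key to the name in the certificate.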
Creating installation files using the Certificate Generator and Installation File Generator is relatively simple, and requires no knowledge of how public key cryptography and digital signatures work.
The following steps detail the process required to create a digitally signed installation file.
1. Run the Certificate Generator to create a private key and a self-signed certificate containing its corresponding public key.
2. Run MakeKeys to create a certificate request.
3. Submit the certificate request to a Certification Authority and receive an authenticated digital certificate.
4. Specify the private key and digital certificate as command line arguments in step 6.
5. Run MakeSIS to create the unsigned installation file.
6. Sign the installation file using SignSIS.