|
|
Classification: |
General |
Category: |
Symbian Signed |
Created: |
03/09/2005 |
Modified: |
03/23/2005 |
Number: |
FAQ-1230 |
Platform: |
Not Applicable |
|
Question: What phones have the Verisign ACS Class 3 PKI? What is, and what phones have, the Symbian B PKI?
Answer: Verisign have an extensive FAQ on this subject at http://www.verisign.com/products-services/security-services/code-signing/symbian-content-signing/faq.htmlThere are also many good explanations of digitial signing on the Internet (just search for "Digital Certificates" using any
good search engine).
The main digital root certificates used are discussed below:
Verisign ACS Class 3 PKI: This is the chain of trust and root owned and managed by Verisign. It is used to provide Class 3 ACS Publisher IDs to ISVs
that have been validated against Verisign's verification critieria.
Developer sign their SIS files with this ACS Publisher ID prior to submitting for testing. SymbianSigned can reliably determine
the source of the SIS file (identity of the signer) by the "chain of trust" back to Versign's Class 3 root.
The root in this chain is not installed on the device, so a SIS file which is signed only with the publisher ID certificate will not be "trusted" (and may not install) on a device. This is reasonable because in
order to "trust" the application it must also be verified that it has passed testing. The "Symbian B PKI" root provides this assurance.
Symbian B PKI: After passing SymbianSigned tests, the SIS file is re-signed with a certificate that traces back to the Symbian signed "B"
root. This is the Symbian 'production' PKI with the end certificate being the signing instance. The end certificate of this
chain is a stamp of approval for Symbian Signed Test Criteria and process.
The root is installed on the devices released from January 2004 onwards. Devices that may not include the root are; early
versions of 6600, 3650, 7650, P800, 92xx and Motorola devices to date (the aim is that this will change shortly). Series 60 and Sony Ericsson provide interim certificate installation SIS files to post-install the Symbian B root on phones that don't have the root certificate
pre-installed.
If the SIS file is Symbian Signed (chains to Symbian B root certificate) the application will install on the devices (that
have the root, see above) without a warning and provide certificate information to the end user.
|
|
|