Symbian
Symbian Developer Library

SYMBIAN OS V9.4

Feedback

[Index] [Previous] [Next]


MakeKeys - Certification Generator syntax

[Top]


Purpose

The Certification Generator, MakeKeys.exe, is a PC based command line tool which creates a private/public key pair and issues certificate requests. The resultant private key is used to digitally sign installation files, enabling the install system to authenticate them. It carries out the following tasks:

Makekeys.exe


Makekeys.exe

[Top]


Command line syntax


Create a private key and self signed certificate

makekeys -cert [-v] [-expdays <cert-expiry-in-days>] [-password <password>] [-len <key-length>] -dname <distinguished-name-string> <private-key-file> <public-key-cert>

For example:

makekeys -cert -expdays 3650 -password yourpassword -len 2048 -dname "CN=Joe Bloggs OU=Development O=Symbian Software Ltd C=GB [email protected]" mykey.key mycert.cer

See

Arguments table below

Note:


Create a certificate request given a self-signed certificate

makekeys -req [-v] [-password <password>] -dname <distinguished-name-string> <private-key-file> <public-key-cert> <cert-request-file>

For example:

makekeys -req -password yourpassword -dname "CN=Joe Bloggs OU=Development O=Symbian Software Ltd C=GB [email protected]" mykey.key mycert.cer myreq.p10

It is then up to the developer to send the certificate request to be signed by a trusted third party, i.e. a Certificate Authority (CA). The CA uses various means to establish that the originator of the certificate request is who they claim to be. The developer's public key is signed by the CA, using the CA's private key, creating a certificate, which is then sent back to the applicant. The CA may return a single certificate, or a file containing a chain of certificates.

It is important that certificates returned by CAs are in the base64 encoded ASCII format. The Certification Generator generates base64 encoded certificate files and expects certificates that come back from a CA to be in the same format.

The CA may return a file containing a certificate chain. These are supported, and are needed if intermediate certificates are required between the CA's root certificate on the Symbian OS phone and the developer certificate.

See

Arguments table below


View certificate details

makekeys -view <public-key-cert>

Displays details of a certificate or certificate chain file. The -view command should be used with an existing certificate file (which should be in base 64 encoded format).

For example:

makekeys -view mycert.cer

See

Arguments table below


Arguments

-cert

Create the private key (private-key-file) and self signed certificate (public-key-cert). If the private key file already exists it will be used to create the self signed certificate.

-req

Create a certificate request.

-view

View certificate details.

-v

Verbose mode - displays additional diagnostic information.

-expdays

The certificate validity period in days, after which the certificate expires. If not specified, the default is 1 year.

-dname distinguished-name-string

The distinguished-name-string specifies the distinguished name attributes required for the self-signed public key certificate file. This command line option should be constructed of a string of white space separated key/value pairs as follows:

Key Attribute Example

CN

Common Name

CN=Joe Bloggs

OU

Organisational Unit

OU=Development

O

Organisation

O=Acme Ltd

L

Locality

L=

ST

State

ST=

C

Country

C=GB

EM

E-mail address

[email protected]

A distinguished name string needs at least two attributes.

-password password

Password (optional). After creation, the password must be supplied to subsequently use the private key.

-len key-length

The key-length. The minimum is 512, maximum is 4096. The key length defaults to 1024.

private-key-file

The file containing the private key. The private key should kept secret by the developer, whereas the public key is usually made generally available. Has a .key extension

public-key-cert

A self-signed certificate containing the public key. Has a .cer extension

cert-request-file

A self-contained file which is sent to the CA. The Certification Generator will create this file given a private and public key. It is then up to the developer to send the file to the CA and arrange for the application for the certificate. Has a .p10 extension.

[Top]


Also see