Developers guidelines Signing applications

When logged in on the Symbian Signed portal, UIDs allocated to the account can be viewed by clicking “View UIDs” in the left navigation bar.

ACS publisher ID

Having an application Symbian Signed requires an ACS publisher ID, either owned by the developer or by a publisher certifier. The ACS publisher ID is used to verify the identity of the developer sending the appli- cation for signing, and to create the certificate and key necessary for a secure transfer of the application into the Symbian Signed process.

To aquire a developer certificate for testing, an ACS publisher ID is required only if the application requires certain capabilities or if testing is to be done on more than one phone. However, having an ACS publisher ID simplifies the procedures for retrieving the developer certificate.

An ACS publisher ID has to be purchased from Verisign. The following is an overview of the procedures for achieving an ACS publisher ID.

1.Go to http://www.verisign.com/products-services/security-services/code-signing/symbian-content- signing/index.html and start the enrolment process by clicking the “Buy Now” button.

2.Enter the requred information in the form and accept the subscriber agreement. Verisign confirms that the enrolment process is ongoing via email.

3.When Verisign has gone through the necessary authentication and verification procedures and approved the enrolment, this is confirmed via another email.

4.Once approved, the ACS publisher ID can be picked up from the URL given in the approval email. To start the transfer, a PIN code delivered with the approval email and the challenge phrase given by the developer on enrolment, have to be entered in the browser window.

5.The retrieved ID is stored in the browser certificate store. To use the ACS publisher ID certificate for signing, it first has to be exported from the store. A special tool, that can be downloaded from Verisign, is then used to create the certificate (.cer) and private key (.key) files to be used for signing.

For more detailed information about the purchase process and the steps needed to make use of the ACS publisher ID certificate for signing Symbian applications and request developer certificates, please refer to the instructions at http://www.verisign.com/products-services/security-services/code-signing/symbian-content-signing/index.html.

Developer certificates

During the initial phases of development, applications are preferrably tested in the emulator, normally set to ignore PlatSec security restrictions. Later during development, testing on real phones is required to ver- ify the application behavior in the targeted environment.

An application using only unrestricted APIs or user granted capabilities can be tested on real phones with- out being signed. An application requiring any other capability has to be signed with a developer certifi- cate to allow it to be installed for testing on real Symbian OS phones.

21

October 2006

Page 21
Image 21
Sony Ericsson UIQ 3 manual ACS publisher ID, Developer certificates