How to Sign J2ME MIDlet

from http://m-shaheen.blogspot.com/2009/07/1.html

 

MIDlet Signing process steps can be summarized into :

1. Generate public/private key pairs.

2. Generate Certificate Signing Request (CSR) and submit it to CA .

3. Sign the MIDLet with the certificate.

Software requirements

1. Sun java 2 SDK or JRE

2. Sun Wireless Tool Kit (WTK)

The steps are:

1. Generate public/private key pairs

a. Create a Keystore:

From command line Navigate to java 2 SDK bin directory and type the below command :

keytool -genkey -keyalg rsa -keystore <keystore_filename> -alias <alias_name>

it prompts you to enter a password for your keystore, your name, organization, and address.

b. List the generated keypairs 

To see your generated keypairs entry ,type the below command :

keytool -keystore <keystore_filename> -list

2. Generate Certificate Signing Request (CSR) and submit it to CA :

You need to generate a (CSR) for the enrollment process.

a. generate CSR

Type the below command to create a CSR for the key pair in the keystore:

keytool –certreq –file <certreq_filename.csr> –keystore <keystore_filename> -alias <alias_name>

b. submit the generated CSR to CA 

3. Sign the MIDLet with the certificate:

Once the CA has approved your request, you will receive the certificate, the steps are:

a. Import the certificate to your Keystore

Use the below command

keytool –import –trustcacerts –keystore <keystore_filename> -alias <alias_name> -file <cert_filename>

b. Sign the JAD file

Use JadTool utility to signs a JAR file by adding both of the certificate and the JAR file’s digital signature to the Java Application Descriptor (JAD) file, the process will be :

b.a. Adding the certificate to JAD

use JadTool.jar tadd the certificate as the value of an attribute named MIDlet-Certificate-m-n, where m is the number of the certificate chain, and n is an integer that, for new certificates, begins at one and increments by one each time you add a new certificate to the JAD file.

Java -jar %WTK_HOME%\bin\JadTool.jar -addcert -keystore <keystorename> -alias <aliasname> -storepass <password> -inputjad <input_jadfile> -outputjad <output_jadfile>

You should see the below attributes added to your output jad file

MIDlet-Certificate-1-1,MIDlet-Certificate-1-2,MIDlet-Certificate-1-3

b.b. Adding JAR’s digital signature to the JAD

Gets the JAR’ digital signature, stores it as the value of the MIDlet-Jar-RSA-SHA1 attribute of the output JAD file.

java -jar %WTK_HOME%\bin\jadtool.jar -addjarsig -jarfile <jar_file> -keystore <keystorename> -alias <aliasname> -storepass <password> -keypass <password> -inputjad <input_jadfile> -outputjad <output_jadfile>

Where The default value for -jarfile is the MIDlet-Jar-URL property in the JAD file.

References:

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR185

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO8381

http://java.sun.com/products/sjwtoolkit/wtk2.5.2/docs/UserGuide-html/commandline.html

http://java.sun.com/j2se/1.4/docs/tooldocs/win32/keytool.html

http://java.sun.com/javame/reference/docs/sjwc-2.2/pdf-html/html/tools/jadtool.html