
A developer’s guide to Symbian Signed

v1.1 – 20th September 2005

Copyright © 2005 Symbian Software Ltd. All Rights Reserved. 1




Presentation contents
• Engineers’ introduction to Symbian Signed
… underlying technology
… process overview
• ‘How to’ information
… learn more about the program
… obtain an ACS publisher ID
… prepare application for uploading
… submit an application
… what happens next?

• Issues to be aware of





1. Engineers’ introduction to Symbian Signed

Introduces the main technology concepts from a technical point of view. For details of the commercial and business drivers see www.symbiansigned.com



1.1 Underlying technology

Industry standards used by Symbian Signed.



Underlying Technology
• Technical goals of Symbian Signed
… prevent .SIS file tampering
… ensure application supplier (ISV) can be identified
… put in place a framework process for revoking a SIS file’s
certificate
• revocation solution not currently rolled out: future versions of
Symbian OS will support this
• revoking one SIS file will not affect any others also installed

• Solution
… Public Key Infrastructure (PKI) based security model
… Symbian SIS file security features



Protecting a SIS file by ‘PKI’ signing (1/2)
• Signer issued with ‘private key/public certificate’ pair
• SIS file signed with the private key
Signing involves:
… generating ‘hash value’ of SIS file
• ‘hash value’ is generated data that is same length for any file
• highly unlikely two files will have same ‘hash value’ data
• using ‘hash value’ reduces size of signature
• otherwise signature block same size as unsigned SIS file
… ‘hash value’ signed with private key to produce signature
• signature unique to key and ‘hash value’ used
… signature and public certificate added to SIS file
• SIS file forwarded to receiver



Protecting a SIS file by ‘PKI’ signing (2/2)
• Receiver traces certificate chain to identify issuer
… SIS only trusted if chain ends with correct ‘root certificate’
• Receiver checks SIS signature using public certificate
checking involves:
… removing signature and public certificate from SIS file
… decrypting signature with public certificate
• gives back original ‘hash value’ that was created by the signer
… generating new ‘hash value’ of SIS file
• receiver uses same hash algorithm signer used
… compare the original and new hash values
• same - SIS file contents have not been changed
• different - SIS file contents have changed since signed



Summary of ‘PKI’ signing benefits
• If SIS file intercepted and hacked this will be detected
• If certificate does not chain back to trusted (i.e.
Symbian) root, receiver will reject
• Provided key remains secret, system difficult to crack
• A compromised certificate/key pair can be revoked

Note:
• Signing a SIS file does not encrypt its contents
… file contents still visible in compressed form as with any
unsigned SIS file
… contents can still be stolen/reverse engineered



1.2 Process overview

Summary of secure steps making up the Symbian Signed process.



Symbian Signed process outline (1/2)
Prerequisites:
• ISV obtains ACS publisher ID from VeriSign
… ACS ID is a certificate/key pair, chains to ‘VeriSign root’
… ACS ID is valid for 12 months
ISV submits app for testing:
• ISV signs all SIS files with their ACS publisher ID
… ACS signature valid for Test House, not for installing on phones
• ISV submits their signed SIS file for testing
• Test House checks signature is valid, tests SIS file
… certificate must chain correctly to ‘VeriSign root’
• Test House installs SIS file and performs testing



Symbian Signed process outline (2/2)
Test House has SIS file re-signed by Certificate Authority
• If tests show the application is satisfactory…
• Unique certificate/key pair created for this SIS
… unique certificate/key pair chains to ‘Symbian root’
• Certificate Authority removes original ACS signature
… re-signs same SIS file with new unique key
• Application is now Symbian Signed
• User downloads Symbian Signed application
• Phone’s Installer app checks SIS signature is valid
… only trusts certificates chaining back to ‘Symbian root’



Why is the SIS file re-signed? (1/2)
• ACS publisher ID chains to VeriSign root
… Installer application cannot trust VeriSign root:
• many certificates issued from VeriSign root
• not specific to Symbian Signed
• therefore does not imply application is Symbian Signed
… Test House itself does trust VeriSign root, however:
• identifies SIS supplier as a legitimate organization
• proves received SIS file has not been hacked in transmission (i.e. can check it chains back correctly to VeriSign root)



Why is the SIS file re-signed? (2/2)
• Unique content certificate chains to Symbian root - installed on the device
… installer can trust Symbian root because
• certificates from this root only issued via Symbian Signed
… further each certificate is unique, so a single SIS file can potentially be revoked later
• other SIS files from same ISV will remain valid
• Conclusion: both signatures provide trust, but the type of trust provided is different
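
The signing and checking steps from the ‘PKI’ signing slides, combined with the two trust roots described in the re-signing slides, as an added Python example that is not part of the original presentation. It uses unpadded toy RSA keys built from publicly known Mersenne primes and assumes SHA-256 as the hash; the certificate layout, names and payload are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def make_key(k1, k2):
    # Toy RSA key from two publicly known Mersenne primes: constructed and
    # insecure by design (real keys use secret random primes and padding).
    p, q = 2**k1 - 1, 2**k2 - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data: bytes) -> int:
    # Fixed-length 'hash value' whatever the input size (SHA-256 assumed).
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data: bytes) -> int:
    return pow(digest(data), key["d"], key["n"])

def check(pub_n: int, data: bytes, sig: int) -> bool:
    # Recover the signer's hash with the public key, compare with a fresh one.
    return pow(sig, E, pub_n) == digest(data)

def cert_body(cert) -> bytes:
    return f"{cert['subject']}|{cert['n']}|{cert['issuer']}".encode()

def issue_cert(subject, subject_key, issuer, issuer_key):
    cert = {"subject": subject, "n": subject_key["n"], "issuer": issuer}
    cert["sig"] = sign(issuer_key, cert_body(cert))
    return cert

def sign_sis(payload: bytes, key, cert):
    return {"payload": payload, "sig": sign(key, payload), "cert": cert}

def verify_sis(sis, trusted_roots) -> str:
    cert = sis["cert"]
    root_n = trusted_roots.get(cert["issuer"])  # root name -> public modulus
    if root_n is None:
        return "reject: chain does not end at a trusted root"
    if not check(root_n, cert_body(cert), cert["sig"]):
        return "reject: certificate was not issued by that root"
    if not check(cert["n"], sis["payload"], sis["sig"]):
        return "reject: contents changed since signing"
    return "ok"

# Constructed actors and data; all names are illustrative.
verisign_root, symbian_root = make_key(61, 521), make_key(89, 607)
isv_key, content_key = make_key(107, 1279), make_key(127, 2203)
TEST_HOUSE = {"VeriSign root": verisign_root["n"]}
PHONE = {"Symbian root": symbian_root["n"]}
acs_cert = issue_cert("Example ISV", isv_key, "VeriSign root", verisign_root)
submitted = sign_sis(b"constructed SIS payload", isv_key, acs_cert)
# Re-signing: same payload, new key/certificate pair unique to this SIS file.
content_cert = issue_cert("Example app", content_key, "Symbian root", symbian_root)
released = sign_sis(submitted["payload"], content_key, content_cert)
tampered = dict(released, payload=released["payload"] + b"!")

if __name__ == "__main__":
    for store, sis in [(TEST_HOUSE, submitted), (PHONE, submitted),
                       (PHONE, released), (PHONE, tampered)]:
        print(verify_sis(sis, store))
```

The same ACS-signed file is accepted by the Test House trust store and rejected by the phone's, which is the difference in trust the slides describe.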



2. ‘How to’ Information

Outlines what actually needs to be done to successfully complete the Symbian Signed process outlined in Section 1.



2.1 Learn more about the program

The most important aspects to be aware of to pass smoothly through Symbian Signed.



Key considerations
• Benefits of Symbian Signed
… to all parties in the value chain, including ISVs
• Preparing the application effectively
… understand the types of tests/quality required
• Understanding the infrastructure
… obtaining an ACS publisher ID
… signing the SIS file
… uploading the file
… providing correct information to the Test House



Sources of information
• Primary source of information regarding Symbian
Signed is https://www.symbiansigned.com/app/page
… outlines basic tests applications must pass
… standards for applications that create billable events
… detailed description of testing and signing process
… latest news as Symbian Signed evolves
… frequently asked questions
• Information on developing quality Symbian OS
applications http://www.symbian.com/developer
• VeriSign ACS publisher ID for Symbian ISVs site
http://www.verisign.com/products-services/security-services/code-signing/symbian-content-signing/index.html



2.2 Obtain an ACS publisher ID

How an ISV gets an ACS publisher ID.



About the ACS Publisher ID
• Standard key/certificate pair issued to corporations
• Used to sign SIS files before submitting to Symbian Signed
… allows test house to be assured submitter is genuine
… prevents SIS file being maliciously changed
… paramount importance to protect the secret key
• Valid for a period of 12 months
… sign any number of SIS files in that period
• Can also be used for other code signing programs
… VeriSign bundle ‘signing events’ with the ACS purchase
… not needed for Symbian Signed
… but can be applied to other signing programs
• Additional info on ACS (see guides and datasheet)
http://www.verisign.com/products-services/security-services/code-signing/symbian-content-signing/index.html



Obtaining an ACS Publisher ID - Overview
Process overview
• Visit VeriSign site
• Apply for ID
• VeriSign will check and confirm your identity
• Pick up ACS publisher ID as per instructions
… must use same PC that was used to apply
• Export ACS publisher ID into the format required by
the MakeSIS tool



Apply for ID (1/3)
Web based application on VeriSign site
http://www.verisign.com/products-services/security-services/code-signing/symbian-content-signing/index.html



Apply for ID (2/3)
• Complete the online application form



Apply for ID (3/3)
• Information needs to be legitimate and verifiable
… ensure information is accurate
… contact people provided should be aware of this application
… certificate might be delayed if contact not available
… use publicly listed switchboard number, not direct dial
• Follow all instructions carefully
• Credit card payment likely to be most expedient
… wire transfer available with additional handling fee
… purchase order and check payment possible also
• Remember the challenge phrase
… needed to pick up final certificate



Pick up ID (1/3)
• Certificate will be issued after
… company details are verified
… payment is received
• Email notification sent to contact listed at enrolment
• Follow link in the email notification



Pick up ID (2/3)
• Fill in required fields
• Do NOT check ‘Protect Private Key’ option (if present)
… checking will prevent exporting of key later!



Pick up ID (3/3)

• Press Submit and accept resulting dialog


• Certificate/key pair will be generated
… this may take a few minutes
• Installed automatically into IE certificate store
… may need to have browser set to American English
… bug in site that should be corrected by now



Export key pair for MakeSIS (1/9)
Export certificate/key pair from IE browser:
• Select Internet Options from Tools menu
• Select Content tab
• Hit Certificates button



Export key pair for MakeSIS (2/9)
• Highlight ACS Publisher Certificate
• Click Export, and Next when wizard appears



Export key pair for MakeSIS (3/9)
• Choose Yes to export the private key also
• If this option is greyed out contact VeriSign
… verify private key was not protected during pick up



Export key pair for MakeSIS (4/9)
• Choose PKCS #12 format
• Deleting private key removes it permanently from IE
… cannot then be exported again at a later date



Export key pair for MakeSIS (5/9)
• Password protection is recommended
… protects key from use by unauthorized entities
… alternatively key file can be PGP encrypted after export



Export key pair for MakeSIS (6/9)
• Finally, specify a name and location
… exported file contains certificate and private key
• Protect access to the file once saved
… especially if you did not set a password



Export key pair for MakeSIS (7/9)
• Now have a .pfx file in the filing system
… contains public certificate and private key
• Download the key export tool from VeriSign
http://www.verisign.com/products-services/security-services/code-signing/symbian-content-signing/page_002759.html



Export key pair for MakeSIS (8/9)
• Unzip key export tool into a folder on your PC
• Use tool to extract certificate and key files
… note extracted key file will not be password protected
… recommend PGP encrypting key file when not being used



Export key pair for MakeSIS (9/9)
• Now have the certificate

• ...and the key file

• In format compatible with MakeSIS



2.3 Prepare application for uploading

How to sign and package an application in order to successfully upload it for testing.



Prepare application for upload
Two stages:
• 1. Sign the SIS file
… using the ACS publisher ID and MakeSIS

• 2. Package with supporting materials
… wrapped into a zip archive with the SIS file



Sign application (1/2)
• Add line to application’s package file
… position of line in file is important
… must be on line preceding list of files to install, after header
… signature line starts with asterisk character
… lists path and name of key and certificate files



Sign application (2/2)
• Run MakeSIS as usual
• Generated SIS file will be signed
… signature not trusted by phone
… phone will warn on install or prevent install
… but ACS publisher ID is trusted by Test House
… Test House will re-sign SIS files which pass tests to chain
to Symbian root
… phone does trust Symbian root



Package application
Create a new zip file archive and add:
• the signed SIS file
• the package file used to create the SIS file
either
• a readme.txt
or
• a user guide in PDF format
… to instruct the Test House on using the application
• Do NOT include either certificate or key files used
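
A pre-submission check for the archive contents listed above, as an added Python example that is not part of the original presentation or of any Symbian tool. The `.pkg` extension, the list of key/certificate extensions other than `.pfx`, the PEM marker and all sample file names and contents are assumptions made for illustration.

```python
import io
import zipfile

# .sis and .pfx appear on the page; the other extensions and the PEM marker
# are assumptions about how key/certificate material is commonly stored.
SECRET_EXTS = (".key", ".cer", ".pfx", ".p12", ".pem")
PEM_MARKER = b"PRIVATE KEY-----"

def decode_pkg(raw: bytes) -> str:
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if bom else "latin-1")

def lint_submission(zip_bytes: bytes) -> list:
    """Return the problems found in a submission archive (empty list = clean)."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        lower = [n.lower() for n in names]
        if not any(n.endswith(".sis") for n in lower):
            problems.append("missing signed SIS file")
        pkgs = [n for n in names if n.lower().endswith(".pkg")]
        if not pkgs:
            problems.append("missing package file")
        for pkg in pkgs:
            # The signature line starts with an asterisk character.
            lines = decode_pkg(zf.read(pkg)).splitlines()
            if not any(line.lstrip().startswith("*") for line in lines):
                problems.append(f"no signature line in {pkg}")
        readme = any(n.rsplit("/", 1)[-1] == "readme.txt" for n in lower)
        if not (readme or any(n.endswith(".pdf") for n in lower)):
            problems.append("missing readme.txt or PDF user guide")
        for name in names:
            if name.lower().endswith(SECRET_EXTS):
                problems.append(f"key/certificate file included: {name}")
            elif PEM_MARKER in zf.read(name):
                problems.append(f"private key material inside: {name}")
    return problems

def make_zip(files: dict) -> bytes:
    # Helper that builds a constructed sample archive in memory.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples; file names, paths and contents are illustrative.
PKG = b'; constructed package file\n*"keys\\acs.key","keys\\acs.cer"\n'
GOOD = make_zip({"app.sis": b"signed sis bytes", "app.pkg": PKG,
                 "readme.txt": b"How to test the app"})
BAD = make_zip({"app.sis": b"signed sis bytes", "app.pkg": b"; unsigned\n",
                "acs.key": b"secret", "notes.txt": b"-----BEGIN PRIVATE KEY-----"})

if __name__ == "__main__":
    print(lint_submission(GOOD))
    print(lint_submission(BAD))
```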



2.4 Submit an application

How to submit an application for testing.



Submit application
• Visit https://www.symbiansigned.com/app/page
• First time need to complete simple registration
… subsequent visits, use login details received after registration



Submit application
• Login to get access to ISV features



Submit application
• Click Submit new option

• Follow instructions on each page

• Then advance to next stage



Submit application (1/2)
Breakdown of steps:
• 1. Indicate compliance with standard tests
• 2. Verify possession of ACS Publisher ID
• 3. Select Test House
… CapGemini
… NSTL
… MphasiS
… others TBA...
• 4. Supply contact information
• 5. Supply application information
… option to list in Application Catalog for marketing purposes



Submit application (2/2)
Breakdown of steps:
• 6. Declarative statements of compliance
… standards met for certain application operations
… baseline requirements protect User Data and billable events
• 7. Upload application for testing

• Steps being refined to reflect program maturing
… data only SIS file support
… ability to submit ‘deltas’ to previously signed applications for
minor changes



2.5 What happens next?

What an ISV can expect to happen in the testing process.



Checking status of submission
• At http://www.symbiansigned.com, use Applications
button to:
… check status of each submitted application
… provide feedback requested by the Testing House



What happens next? (1/2)
• Signature of SIS file is checked
… signer verified as valid ACS publisher
… or application rejected
• Test house prepares an estimate of cost to test
… submitter approves cost and makes payment
… or asks for costs to be re-evaluated with explanation
… usual cost for initial testing is €560 as of May 2004
… application subjected to testing
• using testing guidelines and standards available from
www.symbiansigned.com



What happens next? (2/2)
• Application passes testing
… Application re-signed, with new unique certificate (chained
back to Symbian Root)
… Listed in Applications Catalog if desired
• See https://www.symbiansigned.com/app/page/faq/catalogue
for further information
or…
• Application does not pass testing
… ISV notified of areas to correct
… along with cost to re-submit
… application re-tested once re-submitted

• Application can be re-tested any number of times



3. Issues to be aware of

Issues that have been experienced by beta users.



Issues to be aware of (1/3)
VeriSign can't verify my company
more likely to happen to non-US and non-European companies
• In this case VeriSign will contact you with instructions
… fax official company registration document for your country
… provide local language version with official stamp/seal
… provide English translation
… and certification for translator
• If you think this is likely it is worth being prepared
… ACS publisher ID will not be issued until company verified
… locate official company document
… identify suitable local translator



Issues to be aware of (2/3)
I can't download my ACS Publisher ID
• An old defect in VeriSign site which should be resolved for most browsers now
• But try setting browser to American English if you have problems

My application failed testing
• Look carefully at ‘Writing Good Applications’ paper on Developer Network and check you follow guidelines
• Look carefully at feedback from testing house
• Determine what needs to be fixed
• Resolve anything that seems unclear
• Ensure waivers and exceptions are properly applied for
• Re-submit



Issues to be aware of (3/3)
Who do I contact for support on Symbian Signed?
• http://developer.symbian.com/forum/forum.jspa?forumID=2
How do I raise a waiver and at what point?
• Instructions in Test Criteria document
• Waiver form is appendix to the Test Criteria document
• Submit waiver form to the test house you have chosen to test
and sign your application



Presentation summary
• Engineers’ introduction to Symbian Signed
… Underlying technology
… Process overview
• ‘How to’ information
… Learn more about the program
… Obtain an ACS publisher ID
… Prepare application for uploading
… Submit an application
… What happens next?

• Issues to be aware of



Questions or feedback?

http://developer.symbian.com/forum/forum.jspa?forumID=2
