The security tool, certapp, is a PC-side tool that creates and manages Symbian certificate stores. It can be configured to run as a standalone tool on both Windows and Linux platforms.
The Symbian platform provides implementations of two types of certificate store, the native Software Install (SWI) Certificate Store (swicertstore) and the File Certificate Store (filecertstore).
The certapp tool enables the creation, augmentation, dumping and debugging of both certificate stores. The tool also enables the dumping of certificates.
A certificate is an electronic document that binds a user's identity to a particular public or private key pair. It is commonly used to authenticate cryptographic public keys.
Certificates are issued by a Certification Authority (CA). They usually include information such as a label, serial number, validity period, certificate format (for example, X.509) and algorithm type (for example, MD2RSA).
The certificate files managed by certapp must be in one of the following formats:
A certificate store is a database file that can store and manipulate certificates. The certificate store handles operations such as storing and retrieving certificates, assigning trust status to certificates on an application-by-application basis, constructing and validating certificate chains and checking online certificate revocation.
The file certificate store holds certificates for use by various applications that involve some authentication process. For example, it may contain certificates suitable for SSL/TLS server authentication.
The file certificate store is implemented as a software plug-in which accesses two files that must be included in a device’s ROM, and are copied to the C: drive on first use. They are:
cacerts.dat: The physical file certificate store itself which holds the actual certificates and their associated metadata, including the application UIDs, to which the certificates apply.
certclients.dat: The certificate applications store that holds a list of the human-readable names and UIDs of applications that trust the certificates held in cacerts.dat.
A SWI certificate store holds the trust anchors necessary to validate all SIS files that will be installed on the device. Physically, the certificates are held in a data file, swicertstore.dat. There are two parts to the SWI certificate store, an immutable store held in ROM and a writeable store that may be updated post market.
The certapp tool reads a series of input files containing certificate details, merges the input file data in memory, and writes the merged data into appropriate certificate store output files. Run the tool from the command line by specifying the input and output file names as arguments. For details of the command line arguments, see certapp Reference.
The tool accepts data files as inputs for operations such as creating a certificate store, dumping a certificate store or certificates to human-readable form and augmenting a certificate store. The data files can be in either binary or human-readable forms. These files typically contain details of individual certificates and the applications that the certificates validate. Many such data files can be merged together using the certapp tool to create one or more certificate store database files.
Database files are typically the certificate store files created as output when you provide data files as inputs to the tool. The database files can be created for both the SWI certificate store (swicertstore.dat) and the file certificate store (cacerts.dat and certclients.dat).
Notes:
The input files for the various certificate stores must follow specific formats. For details, see Certificate Store Human-Readable File Formats.
For information on how the certapp tool processes the information given in the input files to generate output files, see How certapp Processes Input File Information.
The certapp tool helps in performing the following tasks:
Creating a certificate store
Dumping a certificate store to human-readable form
Augmenting a certificate store
For details, see Using certapp.