A Software Installation (SIS) file can be generated as an unsigned file, a self-signed or signed file. Self-signed and unsigned packages are considered to be unknown, and are installed by the Software Installer, depending on the security policy of the Symbian device.
If the SIS
file is signed, the Software
Installer validates the certificate chains and based on verification, installs
the SIS
file or aborts the installation.
Create a private key-public key pair and certificate request using the MakeKeys tool. For details, see MaKeKeys Tutorial.
Submit the certificate request to a Certificate Authority (CA) and receive an authenticated digital certificate.
Create a package (PKG) file containing all the elements required to create the installation file. For details see PKG File Format .
Run MakeSIS at the command prompt to create an unsigned SIS file. Specify the PKG file as input argument, as shown in the following example:
makesis mypackage.pkg
MakeSIS
generates an unsigned SIS file.
Run SignSIS at the command prompt to sign the unsigned SIS file. Specify the unsigned SIS file as input, and public key certificate and private key as arguments, as shown in the following example:
signsis trustedchain.pem eecertkey.key mypackage.sis
Based on the certificate provided as input, SignSiS
generates
a signed SIS file. For details, see Signing
Note: As an alternative to step 4 and 5, run the
CreateSIS tool at the command prompt to generate and sign the installation file. Specify the trusted certificate-key pairs as arguments, as shown in the following example:createsis create -cert trustedchain.pem -key eecertkey.key mypackage.pkg
The process of creating an installation file can be understood using the following illustration:
While creating a SIS file using the CreateSIS tool,
if you do not specify the key or certificate on the command line the create
method
generates a key and a matching self-signed certificate, and uses it to sign
the resulting SIS file.
The generated certificate and key is dumped
into the current working directory as cert-gen.cer
and key-gen.key
files.
If key-gen.key
exists, the certificate and key filenames
are indexed incrementally. That is, cert-genx.cer
and key-genx.key
,
where x is the incremental index.
Note: The passphrase
encryption is not an option. It must be provided with the -pass
option.
If this option is not specified, CreateSIS prompts for the passphrase
during key generation.