Skip to end of metadata
Go to start of metadata

Overview

The RAMP VM itself can be signed, currently signing is only supported for J2ME MIDP 2.0 and Android based VMs.

Signing

The deployment platform requires a private key and certificate that is in DER format in order to be able to sign the VM. The easiest way to generate a private key and certificate is to use openssl. The following openssl commands generate a DER private key and self-signed certificate.

openssl genrsa -out key.pem 1024
openssl req -new -key key.pem -out key.csr
openssl x509 -req -days 1001 -in key.csr -signkey key.pem -out key.crt.pem
openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
openssl x509 -in key.crt.pem -inform PEM -out key.crt.der -outform DER

Note that J2ME MIDP 2.0 does not allow for self-signed applications and a valid certificate, from a certificate authority that has its root certificate present on the device, should be used.

Uploading to deployment platform

In order to use your signing key/certificate you have to upload it to the deployment platform. After logging in navigate to:

RAMP VM CONFIG->VM Signing->NEW SIGNING PARAMS

The following must be set:

  • Private key: The DER format of your private key.
  • Certificate: The DER format of your certificate.
  • Capability groups: This defines the set of RAMP VMs that will be signed with the key and associated certificate.
  • Name: The name of your signing key/certificate on the deployment platform.
  • Version: The version of your signing key/certificate on the deployment platform.
  • Description: A brief description of the signing key/certificate.
  • No labels

1 Comment

  1. Alternative keytool way using tool java-exportpriv-1.0.tgz.

    first

    cd java-exportpriv/
    javac ExportPriv.java Base64Coder.java
    

    copy .class files to folder where generate keys and cert

    keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -validity 10000
    keytool -export -rfc -alias alias_name -file cert.pem -keystore my-release-key.keystore -storepass {keystorepassword}
    java ExportPriv my-release-key.keystore alias_name {keystorepassword} > key.pem
    openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
    openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER