Mobile phone certificate can be understood as: a pass for software.
English name: telephone certificate
The third edition of S60 has greatly improved the security, and has stricter regulations on the third-party software installed and running in the system. The operation of some software related to mobile phone hardware and software/personal information security is particularly restricted (for example, automatic startup of mobile phone startup is one of the restricted functions).
Some installed software will have functional restrictions, such as incoming calls, fonts, input methods and so on.
Validity of certificates: after 65438+February 1 1 day, all development certificates are valid for 3 years from the day before the issuance date (the previous development certificates are valid for half a year).
The application must have the corresponding ability to perform the corresponding operation. The acquisition of ability can be achieved through "signing". (User ability can be granted by the user when the software is installed) Most applications need to be signed by a mobile phone certificate before they can be used.
[/reference
[quote]]
What is a "signature"
This is not a tutorial to teach you how to do "self-signing", but just a general explanation of what "signing" means, why "signing" and so on.
The third edition of S60 has greatly improved the security, and has stricter regulations on the third-party software installed and running in the system. There are no special restrictions on some operations involving the security of mobile phone software and hardware/personal information (for example, automatic startup of mobile phone is one of the restricted functions). Applications must be "signed" to achieve these "special restrictions" functions. In other words, someone should be responsible for the safety of this operation! Because any signed program cannot be installed and run. Signature: It refers to writing specific token information in a specific field of an application, which indicates that the software has passed the audit of the signer. The signer is responsible for the security of the software.
Among them, there are three kinds of signatures:
1.Symbian signature.
Which is the official signature of Symbian mobile phone operating system. Software that has passed Symbian security certification will be signed by Symbian. This software has the highest security level. Can be installed/run normally on the mobile phone/and can realize all the functions provided by the software. Obtaining Symbian signature requires the software author to deal directly with Symbian officials. For various reasons, not all software authors have the ability to obtain this certification.
2. Signature of the author
The author of the software signed his name when he released the software. This kind of software can be installed and run on the mobile phone (you may encounter a security warning, just skip it). But it can't achieve the function of "special restriction". If a software doesn't involve this function at all, it is entirely possible for the software author to sign it himself. Another possibility is that although some functions of the software are within the scope of "special restrictions", they are not the main functions. The software author may also publish an "author's signature version", which can normally use most functions, but will lose some specific functions. For example, there is this version of the "Incoming Call" software. Almost all functions can be used, but it cannot be started automatically.
3. User signature.
Strictly speaking, this should belong to the "developer signature". "I think Symbian provides a kind of" development certificate "for developers, which is linked to the IMEI (serial number) code of the machine used for testing. The software signed with this certificate can only be used on the machine corresponding to the IMEI code, and other machines cannot be used. Our so-called self-signature is actually using this method. To put it bluntly, you said you were developing software, you provided the IMEI code of your tester, and SYMBIAN gave you a development certificate/you signed your "fact piece" with this certificate. You are responsible for your "development behavior"! That's all. In addition, the development certificate is valid for half a year from the date of violation, but there is no limit on the use time of the signed program within the validity period of the certificate. Excessive accumulation, the formal application for "development certificate" subsidy is like this (please see the relevant tutorial for collective operation, here are the steps)
1. Go to SYMBIAN official website to register an account.
2. Download the witness request tool: Devcert Request.
3. Install the Devcert request tool on the PC, insert the IMEI code of your machine, and generate a CSR file, which is actually an identification file formed by your IMEI code through a specific algorithm.
4. Log in to SYMBIAN official website again, submit (upload), CSR and files, and SYMBIAN will generate a development certificate according to the identification file.
5. The development certificate obtained from the following. Write the development signature into the application with the signature tool.
Someone asked SYMBIAN why official website didn't recognize the user and directly input your IMEI code on the website hill and then download the development certificate directly. When uploading, you need a tool to form an identification file locally, which is very troublesome. What is the reason? Is a hermit who protects users. Imei = international mobile equipment identity = international mobile equipment identity card. This is similar to your "resident ID card". This thing belongs to the privacy scope. For the sake of protecting users' privacy, Symbian will not enter this information directly on the website. Using Dercert request formation. The CSR file is encrypted with IMEI information, but the user's IMEI code cannot be calculated by any means.
Regarding whether it is appropriate to post IMEI code on the forum at will, remind users to have a little privacy awareness, and often see posts asking how to turn off the shutter sound of N73 camera, how to turn off the flash and so on. In fact, these are specially designed to protect the privacy of the protected photographer, and to put it bluntly, it is to prevent *.
Description of the certification authority
Recently, it has been found that many people are asking about the functions and permissions of the certificates we use. I want to take this opportunity to tell you.
Do you all know how many functions a complete certificate has?
Now tell you that a complete certificate is not enough for 17 ability, and you must also add the ability of device developers: DRM, TCB, AllFiles. These three abilities are not issued by Saipan, so no certificate in the world is a complete certificate, and the most is 17 permission. (including the proof given by mobile phone China) Seeing this, some people may ask, why doesn't Saipan release these three abilities? In fact, you don't have to wonder, why does Saipan design version 3 machine installation software need a certificate signature? The reason is that there are too many virus softwares in 1 and 2. In order to better protect the mobile phone and prevent the virus from infecting the mobile phone, Saipan added a signature scheme to protect the mobile phone in the development of version 3. The key is that a virus software must have the three abilities mentioned just now. If the certificate we use to grant software capabilities does not have the ability to authorize software to have those three capabilities, then the signed virus software naturally does not have those three capabilities, and there is no way to talk about the virus of the third edition of mobile phones. So everyone should understand why the certificate issued by Saipan will not have those three abilities. But unfortunately, privati sys, which is often said, is difficult to get into. The highest authority of A4 can't be used (the soft A4 signed by 17 certificate of competency is not the highest authority, but the second highest authority, and the highest authority will only appear in the internal test mobile phone), but in order to prevent the hateful virus from invading, I personally think this practice of Saipan is worth understanding.
I don't know if you understand! Read it again if you don't understand, and don't be idle to express your opinions if you understand!
Supplementary description of the certification authority.
The right to explain 17 and 19 in detail.
Symbian Signed: users can authorize the capabilities of +location, readdevicedata, written devicedata, powermgmt, surveys DD, protserv, trusted ui and swevent.
Licensee/platform approval: Symbian signed capability +[DRM, TCB] supplier, [all files, CommDD, disk management, multimedia DD, network control] capability request.
[DRM, TCB] needs to be obtained from the manufacturer. [All documents, commdd, diskadmin, multimedia dd, network control] need to fill in the "Capacity Application Form" on www.symbiansigned.com to apply.
Ability (20 rights):
Network service: used to use mobile network, such as making phone calls or sending short messages.
LocalServices: used to send or receive messages via USB, infrared and Bluetooth.
ReadUserData: allows reading user data. System servers and application engines are free to impose such restrictions on their data.
WriteUserData: allows writing user data. System servers and application engines are free to impose such restrictions on their data.
Location: Allows access to the location information of the mobile phone.
User environment: allows access to real-time confidential information of users and their surroundings.
PowerMgmt: It is allowed to interrupt any process in the system or change the state of the machine (turn off the device).
SwEvent: allows keyboard and pen input events to be generated or captured.
ReadDeviceData: Allows reading system device driver data.
WriteDeviceData: permission to write system device driver data.
Allows access to logical device drivers that provide input information to peripheral devices.
TustedUI: UI that distinguishes between "normal" and "trusted" applications. When a "trusted" application displays content on the screen, an "ordinary" application cannot forge it.
ProtServ: Allow server applications to register with a protected name. Protected names begin with "!" Start at the beginning
Network Control: Allows modification or access to network protocol control.
MultimediaDD: Allows access to all multimedia device drivers (sound, camera, etc.). ).
DRM: allows access to DRM-protected content.
TCB: Allow access to the /sys and /resource directories in the terminal.
CommDD: allows access to communication device drivers.
DiskAdmin: allows hard disk management operations, such as formatting drives.
AllFiles: All files in the system are allowed to be visible, and files under /private can also be written.
The permissions of 17 refer to permissions other than TCB, DRM and AllFiles.
19 rights refer to all rights except TCB.
The certificate provided by cnmo is an authoritative certificate of 17.
〓〓◆ Solutions to common installation errors ◆〓〓
Solutions to Ten Error Prompts in Program Installation
Error prompt 1: Update error.
Problem description: This prompt usually appears because the old version of the same software in the mobile phone was not deleted when the software was installed, and it was repeatedly installed. Or conflicts caused by different titles of old and new software installers. Solution: Option 1- Uninstall the old version and install the new version of the software. Option 2- Unpack the new version of the software and change the title of the installer in the PKG document to be consistent with the old version.
Error Tip 2: Certificate error.
Problem description: 1. The installed software is not signed. 2. If it's a JAR program, it's usually because there are conflicting certificates. (Many java games will give this error prompt. For solutions, please refer to Article 2 below. Solution: No.65438 +0: Software signature. No.2: Install programs (software/games) directly on the mobile phone.
Error 3: The certificate has expired.
Problem description: The software certificate has expired. Solution: 1-adjust the time of the mobile phone to the period of the certificate, and then install it. Just set it back to the correct time after installation. Type 2- Re-sign the software.
Error Tip 4: The certificate is not yet valid.
Problem description: The mobile phone time exceeds the time limit of the software certificate. Solution: 1 Item-Check whether the date setting of the mobile phone is correct. The second-adjust the time of the mobile phone to the period of the certificate, and then install it. Just set it back to the correct time after installation.
Error Tip 5: The required program access rights are not granted.
Problem description: 1. Due to the security problems of the third edition of Saipan system, the permissions of some programs are prohibited. Programs without this permission cannot be installed. 2. Error in the certificate. Solution:No. 1: Release the forbidden authority of the program (XX mobile phone) No.2: Re-sign with unsigned software before installation.
Error 6: The certificate is restricted.
Problem description: Generally, it is caused by wrong software signature or multiple software signatures. Solution: Re-sign with unsigned software before installation.
Error 7: A protected application provided by an untrusted provider cannot be installed.
Problem description: There may be two reasons for this problem: 1. Mobile phone setting problem 2. The software is unsigned or the signature is incorrect 3. Certificate conflict. Solution:No. 1: Go to Program Management-Options-Settings: Set "Install Software" to-All; Type 2 of "Online Certificate Check": Re-sign unsigned software before installation. Type 3: Check the machine before installation. (Note: Please pay attention to backup your own data before checking the machine. )
Error 8: The file is corrupted.
Problem Description: The installer file is damaged or incomplete. When downloading or decompressing the program, the file may be damaged. Solution: Please make sure that the downloaded program file is good. It is recommended to download or decompress the program again and try again.
Error prompt 9: No prompt, no response at runtime.
Problem description: Generally, this happens in JAR programs with Chinese file names. Solution: Delete the installed JAR program, change the file name of JAR program to full English, and then try again.
Error prompt 10: The mobile phone failed to start, please contact the retailer.
Problem description: This prompt usually appears when you restart your mobile phone after a program installation failure, and some of it is caused by the failure to upgrade the machine. Solution: If a program fails to install, just take out the memory card and restart it. And delete the wrong program. If it appears after the upgrade of the mobile phone, it will be repaired again. It should be noted that some booted and memory-resident software cannot be solved by formatting. So these softwares need to be shut down or deleted before the soft grid.