BlackBerry Signing Authority Tool Version 1.0 - Password Based Administrator Guide

Upload: kamal-budhabhatti

Post on 08-Apr-2015


BlackBerry Signing Authority Tool
Version 1.0 - Password Based

Administrator Guide


Last revised: 28 October 2005

Part number: PDF-05450-001

©2005 Research In Motion Limited. All Rights Reserved. The BlackBerry and RIM families of related marks, images, and symbols are the exclusive properties of Research In Motion Limited. RIM, Research In Motion, “Always On, Always Connected”, the “envelope in motion” symbol, and BlackBerry are registered with the U.S. Patent and Trademark Office and might be pending or registered in other countries.

All other brands, product names, company names, trademarks and service marks are the properties of their respective owners.

The BlackBerry device and/or associated software are protected by copyright, international treaties and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are registered or pending in various countries around the world. Visit www.rim.com/patents.shtml for a current listing of applicable patents.

This document is provided “as is” and Research In Motion Limited and its affiliated companies (“RIM”) assume no responsibility for any typographical, technical or other inaccuracies in this document. RIM reserves the right to periodically change information that is contained in this document; however, RIM makes no commitment to provide any such changes, updates, enhancements or other additions to this document to you in a timely manner or at all. RIM MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR COVENANTS, EITHER EXPRESS OR IMPLIED (INCLUDING WITHOUT LIMITATION, ANY EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS OF FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, MERCHANTABILITY, DURABILITY, TITLE, OR RELATED TO THE PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE REFERENCED HEREIN OR PERFORMANCE OF ANY SERVICES REFERENCED HEREIN). IN CONNECTION WITH YOUR USE OF THIS DOCUMENTATION, NEITHER RIM NOR ITS RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES OR CONSULTANTS SHALL BE LIABLE TO YOU FOR ANY DAMAGES WHATSOEVER BE THEY DIRECT, ECONOMIC, COMMERCIAL, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY OR INDIRECT DAMAGES, EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF BUSINESS REVENUE OR EARNINGS, LOST DATA, DAMAGES CAUSED BY DELAYS, LOST PROFITS, OR A FAILURE TO REALIZE EXPECTED SAVINGS.

This document might contain references to third party sources of information, hardware or software, products or services and/or third party web sites (collectively the “Third-Party Information”). RIM does not control, and is not responsible for, any Third-Party Information, including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third-Party Information. The inclusion of Third-Party Information in this document does not imply endorsement by RIM of the Third Party Information or the third party in any way. Installation and use of Third Party Information with RIM's products and services might require one or more patent, trademark or copyright licenses in order to avoid infringement of the intellectual property rights of others. Any dealings with Third Party Information, including, without limitation, compliance with applicable licenses and terms and conditions, are solely between you and the third party. You are solely responsible for determining whether such third party licenses are required and are responsible for acquiring any such licenses relating to Third Party Information. To the extent that such intellectual property licenses might be required, RIM expressly recommends that you do not install or use Third Party Information until all such applicable licenses have been acquired by you or on your behalf. Your use of Third Party Information shall be governed by and subject to you agreeing to the terms of the Third Party Information licenses. Any Third Party Information that is provided with RIM's products and services is provided “as is”. RIM makes no representation, warranty or guarantee whatsoever in relation to the Third Party Information and RIM assumes no liability whatsoever in relation to the Third Party Information even if RIM has been advised of the possibility of such damages or can anticipate such damages.

Published in Canada

Research In Motion Limited 295 Phillip Street Waterloo, ON N2L 3W8 Canada

Research In Motion UK Limited Centrum House, 36 Station Road Egham, Surrey TW20 9LF United Kingdom

Contents

1 Overview
    The BlackBerry Signing Authority Tool
    Restricting access to APIs
    The code signing process

2 Installation
    System requirements
    Installing the signing authority tool

3 The BlackBerry Signing Authority Tool
    The signing authority tool
    Setting up the signing authority tool

4 Remote Client Administration software
    Remote Client Administration
    Managing the client record database
    Managing client records

5 File Signer
    Using the File Signer
    Signing code


1

Overview

The BlackBerry Signing Authority Tool

The code signing process permits a developer to use a controlled package, class, or method in a BlackBerry device application. The BlackBerry Signing Authority tool enables the administrator to request, receive, and verify permissions (code signatures) in a secure environment.

Public key cryptography

The signing authority tool uses public-key cryptography to authorize and authenticate code. Public-key cryptography uses a pair of keys to sign and verify messages. The public key is distributed to clients, while the private key is kept confidential and is used only by the originating server. Messages signed with the private key can only be verified with the public key. Both keys are required for the secure authenticated transfer of messages.

Benefit of authorizing code files    Description
API access control                   protect and control access to sensitive, internal APIs
Data access control                  protect and control access to persistent data in the runtime store
License enforcement                  enforce and track licence agreements

Signing authority tool components

Component                       Description
signing authority tool          For creating the initial private/public key pair, distributing the public key, and managing key security. See "The BlackBerry Signing Authority Tool" on page 15 for more information.
Remote Client Administration    For creating a database for clients that are allowed to request code signing. If developers want to request permission to use code, they must be registered in a database that is managed by this application. See "Remote Client Administration software" on page 19 for more information.
File Signer                     For managing communications between developers and Web Administration databases. The File Signer receives, evaluates, and grants permissions for code signing requests. See "File Signer" on page 33 for more information.
Proxy servlet                   Use a proxy servlet in the corporate demilitarized zone (DMZ) to secure File Signer and signing authority tool information. The proxy servlet enables requests to reach the File Signer without security breaches.

Notes: The JRun Proxy servlet is recommended. The File Signer was developed and tested using this proxy. However, you can install and configure other proxy servlets. Place the File Signer application behind a firewall. See “Extend the proxy servlet” on page 11 for more information on configuring the servlet.

Restricting access to APIs

To control access to APIs, the signing authority tool administrator and the API developer create a public-private key pair and apply the .key file to packages and classes.

Create a public-private key pair

As a signing authority tool administrator, you use the signing authority tool to create the public-private key pair.

• You store the private key and private key password in the signing authority tool. You then send the public key (as a .key file) to the API developer.

Apply the .key file

1. An API developer receives an email containing the .key file.

2. In the BlackBerry® Integrated Development Environment (IDE), the API developer adds the .key file to a project.

3. The API developer assigns protection to packages, classes, or methods.

Note: See the BlackBerry Application Developer Guide Volume 2: Advanced Topics for more information on adding .key files to API libraries and persistent stores.

Note: See the BlackBerry Integrated Development Environment Online Help for more information on adding resource files to projects.

The code signing process

The code signing process consists of the following steps:

1. Third-party developers create applications

2. Third-party developers register with the signing authority tool

3. Third-party developers use the Signature Tool to request code signatures

4. The signing authority tool receives code signature requests

5. Verification of signatures

Third-party developers create applications

As a third-party developer, you create handheld applications using the API libraries. Some of these libraries contain controlled classes or methods that were marked with a .key file by the API developer. You compile the application using the BlackBerry IDE. The compiler creates the following three files:

File              Description
<filename>.cod    the compiled application
<filename>.csl    a list of signatures required for controlled packages and classes in the .cod file
<filename>.cso    a list of signatures that might be required during the execution of the application if certain controlled methods in the .cod file are used

Third-party developers register with the signing authority tool

1. A third-party developer uses the Signature Tool to register with the signing authority tool.

2. You create a private-public key pair specific to the developer’s account. This key pair maintains the integrity of data transferred to the signing authority tool.

3. A .csi file is created that contains data on the signatures the third-party developer can apply for.

Third-party developers use the Signature Tool to request code signatures

1. The Signature Tool evaluates the .csi file to determine which signatures the third-party developer can receive.

2. The Signature Tool sends an HTTP request for signatures to the signing authority tool.

A request consists of the following items:

• a hash of the .cod file

• the identity of the third-party developer making the request

Note: The request does not contain any information about the application.

3. To authenticate the request, the Signature Tool signs the request using the third-party developer’s private key.

The signing authority tool receives code signature requests

1. When the signing authority tool receives a signature request, it verifies that:

• the signature of the request is valid and is associated with the requesting third-party developer

• the requesting third-party developer can still make requests

• the requesting third-party developer is still permitted to receive signatures

2. The signing authority tool applies the private key to the hash to create a signature.

3. The signing authority tool sends the signature to the Signature Tool, and closes the HTTP connection.

Verification of signatures

Once the response to a code signature request is received, the following events occur:

1. The Signature Tool receives the signature, and appends it to the original .cod file.

2. A third-party developer uploads the .cod file onto a handheld device.

3. The virtual machine (VM) on the device links the .cod file against the API library to identify signed packages and classes.

4. The VM verifies that the required signatures are appended to the .cod file. If a required signature is missing, the VM stops linking; the uploaded program may not run.

5. If all required signatures (those listed in the program’s .csl file) are verified, the program can run on the device.

A program can still run if some optional .cso signatures are not present.

However, when the program invokes a method that requires a .cso signature, if the VM cannot find the correct signature, it will throw a ControlledAccessException.
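
The difference between required (.csl) and optional (.cso) signatures in the steps above, as an added Java example that is not RIM's VM code. The CodFile model, the SIGNER-A and SIGNER-B IDs, SHA-256 and ECDSA are assumptions made for illustration, since the guide names neither the algorithms nor the file layout, and ControlledAccessException here is a local stand-in for the device class.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class CodLinkCheckDemo {

    /** Local stand-in for the exception named in the guide; not the device class. */
    static class ControlledAccessException extends RuntimeException {
        ControlledAccessException(String message) { super(message); }
    }

    /** Constructed model of a compiled module and its signature lists (assumed layout). */
    static class CodFile {
        final byte[] code;
        final Set<String> required = new TreeSet<>();          // signer IDs listed in the .csl file
        final Set<String> optional = new TreeSet<>();          // signer IDs listed in the .cso file
        final Map<String, byte[]> appended = new HashMap<>();  // signer ID -> appended signature
        CodFile(byte[] code) { this.code = code; }
    }

    /** Public keys attached to controlled code through .key files, by signer ID. */
    private final Map<String, PublicKey> apiKeys = new HashMap<>();

    static byte[] hash(byte[] code) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(code); // hash algorithm is an assumption
    }

    /** True only if a signature for signerId is appended and verifies over the code hash. */
    boolean hasValidSignature(CodFile cod, String signerId) throws GeneralSecurityException {
        byte[] sig = cod.appended.get(signerId);
        PublicKey key = apiKeys.get(signerId);
        if (sig == null || key == null) return false;
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(key);
        verifier.update(hash(cod.code));
        try { return verifier.verify(sig); } catch (SignatureException malformed) { return false; }
    }

    /** Link step: every signature listed in .csl must verify, otherwise linking stops. */
    boolean link(CodFile cod) throws GeneralSecurityException {
        for (String id : cod.required) if (!hasValidSignature(cod, id)) return false;
        return true;
    }

    /** Optional (.cso) signatures that are absent or invalid; the module still links without them. */
    Set<String> missingOptional(CodFile cod) throws GeneralSecurityException {
        Set<String> missing = new TreeSet<>();
        for (String id : cod.optional) if (!hasValidSignature(cod, id)) missing.add(id);
        return missing;
    }

    /** Run-time step: calling a controlled method without its signature fails at the call. */
    void invokeControlled(CodFile cod, String signerId) throws GeneralSecurityException {
        if (!hasValidSignature(cod, signerId)) throw new ControlledAccessException("no valid signature for " + signerId);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair keyA = gen.generateKeyPair();   // protects a controlled package
        KeyPair keyB = gen.generateKeyPair();   // protects a controlled method
        CodLinkCheckDemo vm = new CodLinkCheckDemo();
        vm.apiKeys.put("SIGNER-A", keyA.getPublic());
        vm.apiKeys.put("SIGNER-B", keyB.getPublic());

        CodFile cod = new CodFile("constructed application bytes".getBytes(StandardCharsets.UTF_8));
        cod.required.add("SIGNER-A");
        cod.optional.add("SIGNER-B");
        // Only the SIGNER-A signature was requested and appended.
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(keyA.getPrivate());
        signer.update(hash(cod.code));
        cod.appended.put("SIGNER-A", signer.sign());

        System.out.println("links with required signature: " + vm.link(cod));
        System.out.println("optional signatures missing: " + vm.missingOptional(cod));
        try {
            vm.invokeControlled(cod, "SIGNER-B");
        } catch (ControlledAccessException e) {
            System.out.println("controlled method refused: " + e.getMessage());
        }

        // The same signature appended to modified code: the hash no longer matches, so linking stops.
        CodFile tampered = new CodFile("constructed application bytes!".getBytes(StandardCharsets.UTF_8));
        tampered.required.add("SIGNER-A");
        tampered.appended.putAll(cod.appended);
        System.out.println("tampered module links: " + vm.link(tampered));
    }
}
```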


2

Installation

System requirements

To install the BlackBerry Signing Authority Tool, your system must meet the following requirements:

• Microsoft® Windows® 2000 or XP

• Intel® Pentium II processor or better with USB ports

• At least 64-MB RAM

• A proxy servlet (such as a JRun servlet)

• RIM Random Number Generator (RNG) Service

The signing authority tool requires a random data generation source. The signing authority tool is designed to work with the RIM Random Number Generator (RNG) Service using the Windows Crypto API. The RNG Service is installed during the installation of the signing authority tool. See “Provide a random number data source” on page 12 for more information.

Installing the signing authority tool

To install the signing authority tool, perform the following actions:

1. Install a proxy servlet

2. Extend the proxy servlet

3. Provide a random number data source

Install a proxy servlet

To install a proxy servlet in the DMZ on your firewall, follow the instructions provided by the proxy’s distributor.

Extend the proxy servlet

After you install a proxy servlet, enable the servlet to redirect requests to the Web Signer. See "Proxy servlet" on page 6 for more information on the purpose of a proxy servlet. The following code sample demonstrates how to enable this servlet functionality.

Code Example:

Example: CryptoRIM.java

/**
 * CryptoRIM
 * Copyright (C) 2001-2005 Research In Motion Limited. All rights reserved.
 */

import java.io.*;
import java.util.*;
import java.net.*;

import javax.servlet.*;
import javax.servlet.http.*;

public class CryptoRIM extends WebSignerProxy {
    public void service( HttpServletRequest request, HttpServletResponse response ) throws IOException {
        // Placeholder address: replace with the host and port of the File Signer.
        m_webSignerServer = new URL("http://999.111.222.333:4567");
        super.service(request, response);
    }

    public String getServletInfo() {
        return this.getClass().getName();
    }
}

Code Example:

Example: WebSignerProxy.java

/**
 * Websigner proxy
 * Copyright (C) 2001-2005 Research In Motion Limited. All rights reserved.
 */

import java.io.*;
import java.util.*;
import java.net.*;

import javax.servlet.*;
import javax.servlet.http.*;

public class WebSignerProxy extends HttpServlet {
    protected URL m_webSignerServer;

    /**
     * JRun invokes the service method whenever the servlet is requested
     * by a client. The service method is invoked for both GET and POST
     * requests. Alternatively, you could place this code in the doGet and
     * doPost methods.
     */
    public void service( HttpServletRequest request, HttpServletResponse response ) throws IOException {
        try {
            String method = request.getMethod();
            if (method.equalsIgnoreCase("POST") && m_webSignerServer != null) {
                InputStream fromClient = request.getInputStream();

                // Read the properties file in.
                Properties propertiesIn = new Properties();
                propertiesIn.load( fromClient );

                // Write out the property file that was read in.
                ByteArrayOutputStream byteArrayStream = new ByteArrayOutputStream();
                // Set after load(), so this value replaces any IPAddress property sent by the client.
                propertiesIn.setProperty("IPAddress", request.getRemoteAddr());
                propertiesIn.store( byteArrayStream, "CSC File according to the specs for the Signature Tool." );

                byte[] encodedPropertyTable = byteArrayStream.toByteArray();
                URLConnection urlConnect = m_webSignerServer.openConnection();

                if (urlConnect == null || !(urlConnect instanceof HttpURLConnection)) {
                    throw new IOException();
                }
                HttpURLConnection toServer = (HttpURLConnection)urlConnect;

                // Post the message to the server.
                toServer.setRequestMethod("POST");
                toServer.setUseCaches(false);
                toServer.setDoInput(true);
                toServer.setDoOutput(true);

                OutputStream os = toServer.getOutputStream();
                os.write(encodedPropertyTable);
                os.flush();

                // Read the properties file in.
                Properties propertiesOut = new Properties();
                propertiesOut.load( toServer.getInputStream() );
                toServer.disconnect();

                // Write the response.
                response.reset();
                ServletOutputStream toClient = response.getOutputStream();
                byteArrayStream = new ByteArrayOutputStream();

                propertiesOut.store( byteArrayStream, "CSC File according to the specs for the Signature Tool." );

                encodedPropertyTable = byteArrayStream.toByteArray();
                toClient.write(encodedPropertyTable);
                response.flushBuffer();
            }
        } catch (Throwable e) {
            // Attempt to write a response to the client.
            Properties properties = new Properties();
            properties.setProperty("Version", "0");
            properties.setProperty("Error", "Error connecting to File Signer from proxy");

            response.reset();

            ServletOutputStream toClient = response.getOutputStream();

            ByteArrayOutputStream byteArrayStream = new ByteArrayOutputStream();

            properties.store( byteArrayStream, "CSC File according to the specs for the Signature Tool." );

            byte[] encodedPropertyTable = byteArrayStream.toByteArray();

            toClient.write(encodedPropertyTable);

            response.flushBuffer();
        }
    }

    public String getServletInfo() {
        return this.getClass().getName();
    }
}

Provide a random number data source

The signing authority tool depends on statistically random private encryption data. Data that is statistically very random results in better private key encryption. The signing authority tool uses the RNG Service to manage the quality of random data. The RNG Service is a background service that is automatically installed with the signing authority tool.

The following files appear in the signing authority tool installation directory:

File                 Description
RngConfig.exe        Configures the RNG service and points it to specific sources of random data.
RngMixer.exe         Samples and processes data. The RNG mixer runs as a service, and does not need to be opened or closed manually.
RngMonitor.exe       Monitors the quality and sources of random data that are used by the RNG mixer.
RngSerialTest.exe    Tests the quality of random data that is used by the RNG mixer.

Configure the RNG Service

1. From the signing authority tool installation directory, run RngConfig.exe.

2. Choose one of the following sources of random data:

Component          Definition
Computer System    internal sources of random data generated by the computer system (for example, mouse movements)
Serial Ports       external sources of random data imported into the computer system

3. On the Drivers tab, click Computer System.

4. Click Properties.

5. Select or deselect the following components.

Component                        Definition
Processor and Network Traffic    The RNG Service samples random data generated by your computer processor and network traffic.
Mouse and Screen                 The RNG Service samples random data produced by your mouse movements and computer screen activity.
Microsoft CryptoAPI              The RNG Service samples random data produced by the Microsoft CryptoAPI installed on your system.

6. Apply your changes.

7. On the Drivers tab, click Serial Ports.

8. Click Properties.

9. In the Number field, type the number of the serial port to which the RNG dongle is connected.

10. From the Speed drop-down list, select the connection speed.

11. Select or deselect the following options:

Option         Definition
DTR            Data Terminal Ready
RTS            Ready to Send
Remove Bias    --

12. Click OK.

3

The BlackBerry Signing Authority Tool

The signing authority tool

The BlackBerry Signing Authority Tool controls the code signing system. Use this tool to manage the list of users that can use the signing authority system.

Security overview

The signing authority tool uses public-private key cryptography to authorize and authenticate code.

• The private key is kept confidential using a password. This key is used only by the code signing system.

• The public key is distributed and appended to every API file that requires protection.

Messages signed with the private key can only be verified with the correct public key. If code is signed by something other than the correct half of a key pair, the code will not run correctly.

Managing private key passwords

Signing authority tool security depends on the private key password. The password must be exactly 8 characters in length, and contain upper and lower case characters, digits, and punctuation characters. The password should be hard to guess and should not appear in a dictionary. Never write the password down.

Setting up the signing authority tool

To set up the signing authority tool, perform the following actions:

1. Verify the quality of data

2. Create a public-private key pair

3. Distribute the public key

4. Create a back-up copy of the private key

Verify the quality of data

When you open the signing authority tool for the first time, use the RNG Service to verify the quality of the random data.

1. Open the RNG Monitor.

2. Click Details.

3. Observe the color traffic-light graphic at the top of the signing authority tool window.

Color     Description
Green     data stream of acceptable, good, or excellent quality
Yellow    data stream of poor quality
Red       data stream of unknown or unacceptable quality, or, if the RIM RNG service is not used, a data stream of pseudo-random numbers

Warning: If a red or yellow light appears, investigate the problem before you use the signing authority tool. If the data quality is poor, the quality of the private key is compromised.

If you are not using the RIM RNG Service, the following warning appears: The RNG Service is not installed properly. If the RNG Service is installed, but not running, the monitor opens but is unavailable.

Create a public-private key pair

When you open the signing authority tool for the first time, you must create a public-private key pair.

1. Open the signing authority tool.

2. Provide the following information:

Field       Action
Name        A name for the key pair (for example, your company name).
ID          The ID that RIM assigned to you; this ID will be assigned to your public key.
Password    An eight character password that is difficult to guess. The signing authority tool encrypts the private key with this password. You cannot perform code signing functions or administration tasks without assigning a password. See “Managing private key passwords” on page 15 for more information.
Confirm     The eight character password. See “Managing private key passwords” on page 15 for more information.

3. Click Create Key Pair.

Distribute the public key

After you create the key pair, send the public key information to API developers. The developers use the public key (in the form of a .key file) to control access to APIs, classes, and objects.

> Open the signing authority tool and click email to create an email message in which you can include the .key file.

Create a back-up copy of the private key

When you create a key pair, the private key is stored in the data subdirectory of the signing authority tool installation directory. Make sure the computer with the signing authority tool is stored in a secure restricted location.

Change the private key password

To change the private key password, perform the following actions:

1. Open the signing authority tool.

2. Click Change Password.

3. Type your current and new passwords, and confirm your new password.

View log information

Log files are created in the data subdirectory of the signing authority tool installation directory, using the naming convention logFile-[month]-[day]-[year].xml (for example, "logFile-5-26-2005.xml").

Log files contain information on signature requests. RIM backs up all log files.

> To view a log file, open the file in a web browser.


4

Remote Client Administration software

Remote Client Administration

Third-party developers that want to use controlled code must request a signature from the BlackBerry Signing Authority Tool. To automate this process, you can use the Remote Client Administration software to store information about developers who have permission to request code signatures using the public-private key pairs you create with the signing authority tool.

Databases and client records

After you create a key pair using the signing authority tool, create a database for the key pair. The database will store client records and contain an entry for each third-party developer who is eligible for code signed by the key pair. The client record contains client information, email notification data, expiry dates, and the number of signing requests that the client is permitted to make.

A third-party developer who requires a signature for a specific key pair sends a request to the corresponding database. The Remote Client Administration software uses the information in the database to verify the third-party developer’s request. If a client record for the developer exists, the code signing process continues. If no client record exists, the code signing process stops.
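
The checks listed under "The signing authority tool receives code signature requests", applied to the client record fields described above, as an added Java example that is not the File Signer's own code. The request framing, the client-1001 ID, the dates, SHA-256 and ECDSA are assumptions, because the guide specifies neither the wire format nor the algorithms.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.time.LocalDate;
import java.util.HashMap;
import java.util.Map;

public class SignatureRequestDemo {

    /** Constructed stand-in for a client record: registered key, request quota, expiry date. */
    static final class ClientRecord {
        final PublicKey key;
        final LocalDate expiry;   // null: the client may always make requests
        int requestsLeft;
        ClientRecord(PublicKey key, int requestsLeft, LocalDate expiry) {
            this.key = key; this.requestsLeft = requestsLeft; this.expiry = expiry;
        }
    }

    private final Map<String, ClientRecord> database = new HashMap<>();
    private final PrivateKey authorityKey;

    SignatureRequestDemo(PrivateKey authorityKey) { this.authorityKey = authorityKey; }

    /** Bytes the developer signs: length-prefixed identity, then the .cod hash (assumed framing). */
    static byte[] requestBytes(String clientId, byte[] codHash) {
        byte[] id = clientId.getBytes(StandardCharsets.UTF_8);
        return ByteBuffer.allocate(4 + id.length + codHash.length)
                .putInt(id.length).put(id).put(codHash).array();
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(key);
        s.update(data);
        try { return s.verify(sig); } catch (SignatureException malformed) { return false; }
    }

    /** Authority side: run the checks, then sign only the hash. Throws SecurityException on refusal. */
    byte[] handle(String clientId, byte[] codHash, byte[] requestSig, LocalDate today)
            throws GeneralSecurityException {
        ClientRecord rec = database.get(clientId);
        if (rec == null) throw new SecurityException("no client record");
        // Authenticate first, so an unauthenticated sender cannot use up another client's quota.
        if (!verify(rec.key, requestBytes(clientId, codHash), requestSig)) {
            throw new SecurityException("bad request signature");
        }
        if (rec.expiry != null && today.isAfter(rec.expiry)) throw new SecurityException("client record expired");
        if (rec.requestsLeft <= 0) throw new SecurityException("request quota exhausted");
        rec.requestsLeft--;
        return sign(authorityKey, codHash);
    }

    String attempt(String clientId, byte[] codHash, byte[] requestSig, LocalDate today)
            throws GeneralSecurityException {
        try {
            handle(clientId, codHash, requestSig, today);
            return "signed";
        } catch (SecurityException e) {
            return "refused: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair authority = gen.generateKeyPair();
        KeyPair developer = gen.generateKeyPair();
        KeyPair stranger = gen.generateKeyPair();   // a key with no client record
        SignatureRequestDemo demo = new SignatureRequestDemo(authority.getPrivate());
        demo.database.put("client-1001", new ClientRecord(developer.getPublic(), 2, LocalDate.of(2005, 12, 31)));
        LocalDate today = LocalDate.of(2005, 10, 28);
        byte[] codHash = MessageDigest.getInstance("SHA-256").digest("constructed .cod bytes".getBytes(StandardCharsets.UTF_8));
        byte[] request = requestBytes("client-1001", codHash);
        byte[] good = sign(developer.getPrivate(), request);
        byte[] forged = sign(stranger.getPrivate(), request);
        System.out.println("authority signature verifies: " + verify(authority.getPublic(), codHash, demo.handle("client-1001", codHash, good, today)));
        System.out.println("forged request: " + demo.attempt("client-1001", codHash, forged, today));
        System.out.println("second request: " + demo.attempt("client-1001", codHash, good, today));
        System.out.println("third request: " + demo.attempt("client-1001", codHash, good, today));
        System.out.println("after expiry: " + demo.attempt("client-1001", codHash, good, LocalDate.of(2006, 1, 1)));
        System.out.println("unknown client: " + demo.attempt("client-9999", codHash, good, today));
    }
}
```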

Managing the client record databaseUse the Remote Client Administration software to create a database file. After the database is created, you can add client records to the database.

Create a database file1. Open the Remote Client Administration tool.

2. In the BlackBerry Remote Client Administration window, click OK.

3. In the Properties dialog box, click the General tab. Fill in the following fields:

Remote Client AdministrationManaging the client record databaseManaging client records

Field Value

Enter Password/ Confirm Password

An eight character password. This password must be different from your private key password.

Page 20: Blackberry Signing Authority Tool 1.0 - Password Based - Administrator Guide

Administrator Guide

Field: Value
Signer ID: The RIM assigned ID number.
Web Signer Server URL: The URL for the signing authority tool File Signer’s externally visible location. If using a proxy, the URL should reflect the location of the proxy, not of the host computer. The URL is case-sensitive.
Web Signer Accepts Connections On Port: The number of the port that the File Signer listens on. This should be the port number in the URL. If a proxy is used, the value is the port number that the proxy uses to connect to the machine.
SMTP Server: The name of the SMTP server machine that accepts connections from the File Signer (for example, smtp.blackberry.com).
CSI Directory: The directory where the CSI (Code Signing Information) files will be stored.
CSI Email Subject: The default subject line for the CSI email that is sent to a user.
CSI Email Body: The default email body for the CSI email that is sent to a user.

4. Click the New Records Defaults tab. Set any of the following options:

Field: Value
Create Client ID: Enable the program to randomly generate client IDs.
Create Client PIN: Enable the program to randomly generate client PINs.
Public Client: Provide default information about the client (for example, the client’s name or employer).
# of Requests: Set the default number of times that a client can make signature requests.
Expiry Date: Date when the client may no longer make requests; if empty, the client may always make requests.
Email Notifications on: Select events that trigger email notification. Choose from Error, Register, Sign, and Irregular Behaviour.
Notify Email BCC: The email address to which notifications should be sent.
Email CSI File: Enable the program to send the .csi file automatically via email after you click Save. If you do not select this option, you must email the .csi file manually.
BCC CSI Email: The address that receives a BCC copy when the program sends the .csi files.

Tip: See “Restricting access to APIs” on page 6 for more information about the .csi file.

5. In the CSI directory field, type the .csi file path or click Browse to locate it manually.

6. Click Save.

Set database refresh properties

To set database refresh properties, perform any of the following actions:

Action: Procedure
Set the database file to refresh automatically: Select the checkbox at the bottom of the window.
Set the database refresh frequency: In the Refresh Database every field, select the checkbox.
Refresh the database file manually: See “Refresh the database file” on page 23 for more information.


Open a database file

Open the Remote Client Administration tool and, from the BlackBerry Remote Client Administration window, click OK and type the password assigned when the database was created.

View database information

Open the Remote Client Administration tool and refresh the view in the RIM Internet Signing Authority Administration window.

Managing client records

Create a client record for every developer that needs to request code signatures. Before clients can make requests, you must save the client records in the database file.

Create a client record

1. Open the Remote Client Administration tool.

2. In the BlackBerry Remote Client Administration window, click OK.

3. At the prompt, type the database password.

4. Click OK.

5. Click Add.

6. At the prompt, type the private key password.

7. Fill in the following fields:

Field: Value
Client ID: A unique ID or randomly generated number for the client.
Client Info: Information on the client (for example, the client’s name or employer).
# of Requests: The number of times a client can make file signing requests.
Email Notifications on: Select events that trigger email notification. Choose from Error, Register, Sign, and Irregular Behaviour.
Notify Email: The email address to which specified notifications will be sent.
Expiry Date: Date when the client may no longer make requests; if empty, the client may always make requests.
Email CSI file: Enable the program to email the Code Signing Information file automatically.
Email To: The email address of the client.

Note: If you do not email the .csi file to the client, you must provide the file by some other means. See “Restricting access to APIs” on page 6 for more information about .csi files.

8. Click Save.

Notes: The saved properties become the default properties for all database records you create. To change these properties, in the signing authority tool window, on the File menu, click Properties.


9. In the client ID PIN dialog box, note the PIN.

10. Click OK.

11. Telephone the client with the new PIN information.

Warning: For security reasons, do not send the PIN number by email.

Edit a client record

1. Open the Remote Client Administration tool.

2. In the BlackBerry Remote Client Administration window, click OK.

3. At the prompt, type the database password.

4. Click OK.

5. From the Access Control List, select the client record that you want to edit.

6. Click Edit.

7. At the prompt, type your private key password.

8. Edit any of the following fields:

Field: Value
Client Info: Information on the client (for example, the client’s name or employer).
# of Requests: The number of times a client can request code signatures.
Email Notifications on: Select events that trigger email notification. Choose from Error, Register, Sign, and Irregular Behaviour.
Notify Email: The email address to which any specified notifications will be sent.
Expiry Date: Date when the client may no longer make requests; if empty, the client may always make requests.

9. Click Save.

Tip: To open a new database, from the Remote Client Administration tool, on the File menu, click Open.

Delete a client record

1. Open the Remote Client Administration tool.

2. In the BlackBerry Remote Client Administration window, click OK.

3. At the prompt, type the database password.

4. Click OK.

5. From the Access Control List, select the client record that you want to delete.

6. Click Delete.

7. At the prompt, type the private key password.


8. Click Yes.
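The # of Requests, Expiry Date and Email Notifications fields of a client record together decide whether a developer can still obtain signatures and which events reach the administrator. The following Python example is added here for illustration and is not code from the signing authority tool; the class, the function names and the rule that requests are refused from the expiry date itself onward are assumptions, and the records are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Events listed in the guide's "Email Notifications on" field.
EVENTS = ("Error", "Register", "Sign", "Irregular Behaviour")

@dataclass
class ClientRecord:
    client_id: str
    requests_left: int                    # "# of Requests"
    expiry: Optional[date] = None         # "Expiry Date"; None = left empty
    notify_on: frozenset = frozenset()    # selected notification events
    notify_email: str = ""                # "Notify Email"

def may_request(rec, today):
    """Decide one request. Assumption: refused from the expiry date onward."""
    if rec.expiry is not None and today >= rec.expiry:
        return False, "expired"
    if rec.requests_left <= 0:
        return False, "no requests left"
    return True, "ok"

def review(rec, today):
    """List what an administrator should notice when reviewing a record."""
    notes = []
    allowed, reason = may_request(rec, today)
    if not allowed:
        notes.append(f"cannot sign: {reason}")
    if rec.expiry is None:
        notes.append("no expiry date: client may always make requests")
    silent = [e for e in EVENTS if e not in rec.notify_on]
    if silent:
        notes.append("no email on: " + ", ".join(silent))
    if rec.notify_on and not rec.notify_email:
        notes.append("events selected but Notify Email is empty")
    return notes

# Constructed sample records, not taken from any real database.
TODAY = date(2005, 10, 28)
RECORDS = [
    ClientRecord("1001", 50, date(2006, 1, 1), frozenset(EVENTS), "admin@example.com"),
    ClientRecord("1002", 10, None, frozenset({"Sign"}), ""),
    ClientRecord("1003", 0, date(2005, 10, 28), frozenset({"Error"}), "admin@example.com"),
]

if __name__ == "__main__":
    for r in RECORDS:
        print(r.client_id, may_request(r, TODAY), review(r, TODAY))
```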

Change column headings

Select the column headings that appear in the Signing Authority Administration window (for example, Client ID and Client Info).

1. Open the Remote Client Administration tool.

2. Select the database file.

3. Click Open.

4. At the prompt, type the password assigned when the database was created.

5. Click OK.

6. Select View > Options.

7. Click the arrow buttons to make changes:

• To remove a column heading, select the heading from the Screen section. Click the > button.

• To add a column heading, select the heading from the All section. Click the < button.

8. To change the order in which headings appear, in the Screen section, select a heading, and click Up or Dn.

9. Click OK.


5: File Signer

Using the File Signer

You can use the File Signer to manually check and sign code files. This tool pre-empts the entire Web Administration and File Signer system, and permits administrators and operators to sign code themselves.

Unlike the automated system, the File Signer only requires the .cod file and someone who can approve its use.

Signing code

Anyone who has access to the private key password can use the File Signer to sign code files.

1. Open the File Signer.

2. In the File Name field, type the full file name path, or click Browse to locate the file.

3. Click Sign.

4. At the prompt, type the private key password.

5. Click OK.


Note: The File Signer accepts .cod and .rfl files. An .rfl file is a list of .cod files that should be processed together.


©2005 Research In Motion Limited

Published in Canada.