Yesterday, I generated a new Developer Certificate for a Nokia 6610 handset. This took way longer than it should have done because even though I had successfully generated a Private Key, a Certificate Request and had a Developer Certificate issued by Symbian Signed, I was unable to actually sign a SIS file due to a password error.
The SIGNSIS Error
I ran SIGNSIS with the following command:
SIGNSIS -v -s Test.SIS Test.SISx Test2.cer Test2.key 12345
- Test.SIS is the name of my unsigned Symbian installer file;
- Test.SISx is the name of the signed installer I wanter to create;
- Test2.cer is the name of my Symbian Developer Certificate;
- Test2.key is my Private Key; and,
- 12345 is the password for my Private Key.
This reported the following error:
error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypterror:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrongtagencryption error, Cannot load Test2.key
The salient point being that they key could not be loaded.
A number of posts on the net discuss this problem and suggest creating a Private Key without a password. (Clearly this is not recommended practice for anything but a Symbian Developer Certificate that can only be use to sign for a single IMEI.)
If, like me you have not got an ACS Published ID, and you use the Symbian Developer Certificate Request Wizard v2.1, you cannot generate a Private Key without a password. As stated earlier, Keys generated with a password cause an error in SIGNSIS.
Using the wizard you can either select an existing Private Key file or have the tool create a new Private Key for you. However, the Developer Certificate Request Wizard UI is somewhat confusing because on the second property sheet, it has a check box for ‘No Password’ against the Private Key File option. I had assumed that this meant ‘I do not want a password on the generated Private Key’. Not so. What it actually means is ‘There is no password on the Private Key file I have selected’.
The trick is to create a Private Key using the Symbian makekeys utility. This tool allows you to create a Private Key without a password.
makekeys -cert -dname "CN=Wooldridge OU=Consulting OR=Wooldridge Consulting CO=AU" NoPassword.key ThrowThisAway.cer
Simply answer 'n' to the prompt
Warning: the private key should be encrypted with the -password option
The Private Key file thus generated can then be used with the Symbian Developer Certificate Wizard with the ‘No Password’ option checked. The file ThrowThisAway.cer has no further use.