Monday, 10 December 2007

Symbian Developer Certificate and SIGNSIS Errors

Symbian Developer Certificate Woes

Yesterday, I generated a new Developer Certificate for a Nokia 6610 handset. This took way longer than it should have done because even though I had successfully generated a Private Key, a Certificate Request and had a Developer Certificate issued by Symbian Signed, I was unable to actually sign a SIS file due to a password error.

I ran SIGNSIS with the following command:

SIGNSIS -v -s Test.SIS Test.SISx Test2.cer Test2.key 12345


  • Test.SIS is the name of my unsigned Symbian installer file;
  • Test.SISx is the name of the signed installer I wanter to create;
  • Test2.cer is the name of my Symbian Developer Certificate;
  • Test2.key is my Private Key; and,
  • 12345 is the password for my Private Key.

This reported the following error:

error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypterror:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrongtagencryption error, Cannot load Test2.key

The salient point being that they key could not be loaded.

The Solution
A number of posts on the net discuss this problem and suggest creating a Private Key without a password. (Clearly this is not recommended practice for anything but a Symbian Developer Certificate that can only be use to sign for a single IMEI.)

If, like me you have not got an ACS Published ID, and you use the Symbian Developer Certificate Request Wizard v2.1, you cannot generate a Private Key without a password. As stated earlier, Keys generated with a password cause an error in SIGNSIS.

Using the wizard you can either select an existing Private Key file or have the tool create a new Private Key for you. However, the Developer Certificate Request Wizard UI is somewhat confusing because on the second property sheet, it has a check box for ‘No Password’ against the Private Key File option. I had assumed that this meant ‘I do not want a password on the generated Private Key’. Not so. What it actually means is ‘There is no password on the Private Key file I have selected’.

What Works
The trick is to create a Private Key using the Symbian makekeys utility. This tool allows you to create a Private Key without a password.

makekeys -cert -dname "CN=Wooldridge OU=Consulting OR=Wooldridge Consulting CO=AU" NoPassword.key ThrowThisAway.cer

Simply answer 'n' to the prompt

Warning: the private key should be encrypted with the -password option

The Private Key file thus generated can then be used with the Symbian Developer Certificate Wizard with the ‘No Password’ option checked. The file ThrowThisAway.cer has no further use.

You must then request a Developer Certificate from Symbian in the normal way. SIGNSIS will now behave.

No comments:

Post a Comment