How do you write your signature? “Yours Truly”, “With Regards”, “Always and Forever”? I’ve been trying a number of different approaches to write my signature. Before we get too detailed let me remind you that you are reading the weblog of a die-hard software engineer so the terms you are familiar with may take on an entirely different meaning within the following body of text. For you first time visitors, wassup, my name’s Cliff. You’re here because you’re looking for some provocative writing… the likes of which is inspiring and thought provoking enough to distract you from the mundane struggles of your daily life.. leading you to another world of adventure filled with colorful characters and… let’s move on, shall we?
So I’m sitting in front of my Dell complete with an Intel Core Duo processor and a flat screen monitor (ooh, thought provoking…) and I’m mashing keys randomly in a desperate attempt to clear the confirmation dialog from the screens of would be users of the mobile phone application I’m developing. (In short I’m trying to add a digital signature to my Midlet so users don’t have to answer security messages. In layman’s terms: I’m trying to certify my software.) Everything I try ends in failure partly because I’m a bad person, partly because I haven’t a clue what I’m doing, partly because I believe everything could be done so much better on my Macbook pro, and partly because you did something sneaky with my source files while I wasn’t looking. So then I’m all on these websites and forums asking questions looking for answers and examples on what REAL people do when they want to deliver a killer mobile product taking the world by storm without raining confirm dialogs on the user community. Towards the end of what’s supposed to be my Thanksgiving vacation I have an epiphany (or a wild revelation or whatever those crazy A-Ha moments are called). I’ve been going about it all wrong. Everything from the digital signature to the way I dress… it’s all wrong! (Beige sweaters with brown slacks and black socks are just a no-no!) You see, when I grew up signing a java application involved doing something to a jar file that guaranteed that you were the sole provider of the content therein. (That something normally meant adding some sort of message digest or wierd crypto-algo-thingy that couldn’t be fooled with my a million super computers in the current age.) Nowadays the youngsters seem to be all about the Jad file. It’s all Jad file this and Jad file that. What I’m saying is digital signature in the mobile world appear to only apply to Jad files leaving the jar file in it’s original shape. I’m not certain about any of this but it sure feels this way. I have some evidence to backup my findings and theories.
Copied verbatim from my post on the Blackberry forums:
I’ve read some documentation on the Sprint Dev netork that details the steps involved in signing a MIDlet suite and it completely leaves out the use of jarsigner. Another clue that jarsigner is not supposed to be used is found in Sun’s Wireless Tool Kit (WTK). When I used WTK to sign my app and checked the jar with jarsigner -verify the jarsigner reports the jar is unsigned. Yet inspection of the jad file reveals the digital signature attributes from my certificate. Last hint comes from Antenna. If you run then the jar file does not get updated, only the jad. If you run signjar prior to wtksign (as I thought I had to) then the jar file is updated with the signature which changes it’s size. However wtksign does not include any logic for updating the jar size attribute. I actually wrote a patch for including the jarsize update logic in wtksign thinking it was an oversight. Now I’m of the belief tha signing a MIDlet simply means adding the Jar RSA and certificate digital info to the Jad.
My team and I have been at this for a while now. nothing seems to work. If there are any wireless mobile gurus out there who are bored enough over the holidays to surf the web and land on my page please save my life by filling out the answer in the text box below. Typical rules and restrictions apply. Answer should be clear, coherent, unbiased and to the point. Answer may also be accompanied by your banking info (routing and account numbers) so that proper payment for given answer may be deducted… *ahem*… deposited into your account. Thanx in advance for any diamond cracking solutions…
Emperor of 11 Java communities