Sorry about the red box, but we really need you to update your browser. Read this excellent article if you're wondering why we are no longer supporting this browser version. Go to Browse Happy for browser suggestions and how to update.

BlackBerry Signing Authority tool

The BlackBerry Signing Authority tool is designed to help developers protect the data and intellectual property of their applications. It is server-side software that lets administrators manage access to their specified APIs and data stores.

The Signing Authority tool runs only on Windows 2000.

The BlackBerry Signing Authority Tool uses asymmetric private/public key cryptography to validate the authenticity of a signature request. It can be configured by an administrator to restrict access to specific APIs and data stores by confining the signing of applications to internal developers.

Optionally, the BlackBerry Signing Authority Tool can be configured to allow external developers to request and receive signatures for accessing specified APIs and data. As signature requests can be tracked and accepted or rejected based on administrator control, the BlackBerry Signing Authority Tool can assist in the monitoring and enforcement systems for license agreements as they relate to APIs and application data designated to require signing by the administrator.

The BlackBerry Signing Authority Tool supports all versions of the BlackBerry Java Development Environment (JDE) and applications created for Java-based BlackBerry devices.

You can download the tool here: Software Download for BlackBerry Signing Authority Tool

For more information, see the BlackBerry Signing Authority Tool.

Using restricted code signatures

In this documentation, the administrator is the person who installed and uses the Signing Authority tool.

The BlackBerry Signing Authority tool administrator might place restrictions on your .csi file to limit your access to code signatures. To request changes to these restrictions, contact your administrator.

.csi file restriction

Description

# of Requests

This restriction specifies the maximum number of requests that you can make by using this .csi file. When you reach the maximum number of requests, the .csi file is no longer valid. To make new code signature requests, you must apply for a new .csi file.

Although administrators can permit an infinite number of requests, they often specify a maximum number of requests for security reasons.

Expiry Date

This restriction specifies the expiry date for your .csi file. After the expiry date, you can no longer make code signature requests with this .csi file. To make new signature requests, you must apply for a new .csi file.

Securing your libraries for distribution

This section describes how to secure libraries that you want to distribute and also want to control access to, usually so you can license or sell them. To do this, you need to use the BlackBerry Signing Authority tool. The Signing Authority tool is legacy software that only runs on Windows 2000.

You can download the tool here: http://www.blackberry.com/Downloads

For more information, see the BlackBerry Signing Authority Tool

Restricting access to packages and classes

You can help protect the packages and the classes in your BlackBerry library project by using your own code signing key. You can help protect a package or a class with only one private key at a time.

When a BlackBerry device application accesses a package or a class that is protected in the BlackBerry library project, the application's .cod file must be signed with the same private key as the package or class. You can sign the .cod file with the private key by using the File Signer tool in the BlackBerry Signing Authority Tool or by using the same SignatureTool used to apply signatures from code signing keys obtained from RIM. In order to sign with your key using the SignatureTool, you'll need to issue a code signing key (.csi file) from your BlackBerry Signing Authority Tool.

Before doing this, you need to have a key for your library projects. Here are some ways to achieve that.

Copy a public key (.key) into your BlackBerry library project:

  1. In the Package Explorer view, copy and paste the private key into the /src folder of your BlackBerry library project.

  2. Double-click the private key to open the key editor.

Import a public key (.key) into your BlackBerry library project:

  1. On the File menu, click Import.

  2. Expand General and click File System.

  3. Click Next.

  4. In the From directory dialog box, click Browse. Navigate to the location of the private key and click OK.

  5. In the right-hand pane, select the private key.

  6. In the Into folder dialog box, click Browse and navigate to the location of the /src folder of your BlackBerry library project.

  7. Click the src folder and click OK.

  8. Click Finish.

  9. Double-click the private key to open the key editor.

Link a public key (.key) to your BlackBerry library project:

  1. In the Package Explorer view, right-click the /src folder of your BlackBerry library project.

  2. Click New > File.

  3. Click Advanced.

  4. Select the Link to file in the file system option.

  5. Click Browse to navigate to the location of the private key and click Open.

  6. Click Finish.

Once you have the key, you can restrict access by doing the following:

  1. In the key editor, select the package or class that you want to restrict access to.

  2. Close the key editor and click Save.

  3. Package your BlackBerry library project.

Access to the .cod file that is created is restricted at runtime.

Protecting data in apps

Code signing keys can be used to restrict access to data in the persistent store, runtime store, and SQLite databases. This is a way to control access from other apps on a BlackBerry smartphone.

To protect data with code signing keys, you must create keys using the BlackBerry Signing Authority Tool. This tool is legacy software that runs only on Windows 2000.

Restricting access to persistent objects

See Security of persistent objects.

Restricting access to the runtime store

See Security of the runtime store.

Restricting access to SQLite databases

See Security of SQLite databases.