Signing your app

Before you can distribute your applications on the BlackBerry World storefront, you must first sign them. Signing an app is a matter of requesting a .bar or .cod file signature from the BlackBerry Signing Authority. You can sign your app using the Ripple emulator, or using the command-line tools.

Before you start, make sure you have configured your computer for code signing. See Set up for signing for more information.

  • Why must I sign my app?

    The main reason that apps must be signed is for security.

    An app is signed so that its capabilities can be verified and unique identifiers can be issued for that app.

    Signing is used to provide proof of authorship. By signing your app, you are binding your (or your company's) identity to the apps that you develop and distribute to users. This proof of authorship protects both you as the developer, and the user, since the source of the app can be traced and cannot be altered.

    And, perhaps the most important reason, at least for developers: apps must be signed before they can make you money. Until apps are signed, they cannot be distributed through, and generate income from, the BlackBerry World storefront.

  • When must I sign my app?

    App signing is only required when your app is complete, that is, when you are ready to publish it to BlackBerry World. An app must also be re-signed every time you update and re-publish it. When you update, you'll need to increment the version number for your app and perform the signing process again.

    Note that during the development phase, however, you can deploy an unsigned app on a device for testing purposes using a debug token. A debug token gives permission for an unsigned app to run on those BlackBerry devices specified by the token creator. For more information about creating and using debug tokens, see Deploy to a device.

    You can deploy and test an unsigned app on a simulator at any time. For more information on testing your app on a simulator, see Deploy to a simulator.

Sign a BlackBerry PlayBook app

You can sign your tablet app by using the Ripple emulator or the BlackBerry WebWorks SDK. The BlackBerry WebWorks SDK is a command-line tool, whereas the Ripple emulator is a UI-based tool.

Before you begin: Make sure that you have performed the setup to sign apps. This setup needs to be performed only once. For more information, see Set up for signing.

Using the BlackBerry WebWorks SDK to sign your app

You can sign your app at the same time that you package it by adding the -g <KeystorePassword> option to the package command.

  1. At a command prompt, navigate to the bbwp folder that's in the installation folder for the BlackBerry WebWorks SDK. The file path may vary based on where you installed the BlackBerry WebWorks SDK.
    For Windows XP:
    cd C:\Program Files\Research In Motion\BlackBerry WebWorks SDK for TabletOS<x.x.x.x>\bbwp
    For Windows 7:
    cd C:\Program Files (x86)\Research In Motion\BlackBerry WebWorks SDK for TabletOS<x.x.x.x>\bbwp
    For Mac OS:
    cd "/Developer/SDKs/Research In Motion/BlackBerry WebWorks SDK for TabletOS<x.x.x.x>/bbwp"
  2. Package and sign the app by using the following syntax:
    bbwp <archive_file> -g <KeystorePassword> -buildId <num> -o <output_location>
    where:
    • <archive_file> is the name and location of the app archive file
    • <KeystorePassword> is the password that you specified when you registered your code signing keys with the RIM Signing Authority.
    • <num> is the build version number of your app. Typically, this number should be incremented from the previous signed version.
    • <output_location> is the location where you want the output files to be created

    Windows example

    bbwp C:\myapp\myarchive.zip -g myKeystorePassword -buildId 10 -o C:\myapp\output

    Mac OS example

    ./bbwp ~/myapp/myarchive.zip -g myKeystorePassword -buildId 10 -o ~/myapp/output

    When you execute this command, the BlackBerry WebWorks SDK creates a signed .bar file in the specified output location.

Using the Ripple emulator to sign your app

In the Ripple emulator, you can sign your app at the same time that you build it.

First, you need to fill in some settings for signing:

  1. Select the Build panel.
  2. Select Settings.
  3. In the CSK password field, type the password you specified for your keystore (when you registered with the RIM Signing Authority).
  4. In the P12 Password field, type the password you specified when you created your developer certificate. Otherwise, this is your keystore password.
  5. In the Bundle Number field, type the bundle number for your app (for example, 1.0.0.x, where x is the bundle number). After you sign the app, this number automatically increases by 1.
  6. Close the Settings window to save your changes.

    The fields in the Build section need to be filled in as well because you are building the app, then signing it. For more information about the build settings, see Package with the Ripple emulator.

Now, you can sign the app:

  1. If the build and deploy services are not currently running, click Start Services.
  2. Select Package & Sign.

The Ripple emulator builds and signs your app. Make sure that you pay attention to the console messages to determine whether signing is successful. The Ripple emulator indicates when the package and build is completed successfully, but does not determine the status of app signing.

After the process completes successfully, the .zip and signed .bar files for the app are stored in the output folder that you specified in the settings.

Last modified: 2013-08-29