Signing your app
Before you can distribute your applications on the BlackBerry World storefront, you must first sign them. Signing an app is a matter of requesting a .bar or .cod file signature from the BlackBerry Signing Authority. You can sign your app using the Ripple emulator, or using the command-line tools.
Before you start, make sure you have configured your computer for code signing. See Set up for signing for more information.
Why must I sign my app?
The main reason that apps must be signed is for security.
An app is signed so that its capabilities can be verified and unique identifiers can be issued for that app.
Signing is used to provide proof of authorship. By signing your app, you are binding your (or your company's) identity to the apps that you develop and distribute to users. This proof of authorship protects both you as the developer, and the user, since the source of the app can be traced and cannot be altered.
And, perhaps the most important reason, at least for developers: apps must be signed before they can make you money. Until apps are signed, they cannot be distributed through, and generate income from, the BlackBerry World storefront.
When must I sign my app?
App signing is only required when your app is complete, that is, when you are ready to publish it to BlackBerry World. An app must also be re-signed every time you update and re-publish it. When you update, you'll need to increment the version number for your app and perform the signing process again.
Note that during the development phase, however, you can deploy an unsigned app on a device for testing purposes using a debug token. A debug token gives permission for an unsigned app to run on those BlackBerry devices specified by the token creator. For more information about creating and using debug tokens, see Deploy to a device.
You can deploy and test an unsigned app on a simulator at any time. For more information on testing your app on a simulator, see Deploy to a simulator.
Sign a BlackBerry 10 app
You can sign your BlackBerry 10 app by using the Ripple emulator or the BlackBerry 10 WebWorks SDK. The BlackBerry 10 WebWorks SDK is a command-line tool, whereas the Ripple emulator is a Google Chrome browser extension.
Before you begin: Make sure that you have performed the setup to sign apps. This setup needs to be performed only once. For more information, see Set up for signing. In early implementations of BlackBerry 10, you would have needed two distinct passwords for signing, but this is no longer necessary. If you did the set up step previously and needed two passwords, you should re-register so that you only need one password when you sign and package your app from now on.
Using the BlackBerry 10 WebWorks SDK to sign your app
You can sign your app at the same time that you package it by adding the -g <KeystorePassword> option to the package command.
- At a
command prompt, navigate to the installation folder for the BlackBerry 10 WebWorks SDK. The
file path may vary based on where you installed the BlackBerry 10 WebWorks SDK. For Windows:
cd C:\Program Files\Research In Motion\BlackBerry 10 WebWorks SDK <version>For Mac OS:
cd "/Applications/Research In Motion/BlackBerry 10 WebWorks SDK <version>"
- Package and
sign the app by using the following syntax:
bbwp <archive_file OR app_folder_location> -g <KeystorePassword> --buildId <num> -o <output_location>where:
- <archive_file OR app_folder_location> is the name and location of the app's archive file or app's folder location.
- <KeystorePassword> is the password that you specified when you registered your code signing keys with the BlackBerry Signing Authority.
- <num> is the build version number of your app. Typically, this number should be incremented from the previous signed version.
- <output_location> is the location where you want the output files to be created.
bbwp C:\myapp\myarchive.zip -g myKeystorePassword --buildId 10 -o C:\myapp\output
Mac OS example
./bbwp ~/myapp/myarchive.zip -g myKeystorePassword --buildId 10 -o ~/myapp/output
When you execute this command, the BlackBerry 10 WebWorks SDK creates a signed .bar file in the specified output location. Note that you can also use -b in place of --buildId.
Using the Ripple emulator to sign your app
In the Ripple emulator, you can sign your app at the same time that you build it.
First, you need to fill in some settings for signing:
- Select the Build panel.
- Select Settings.
- In the Signing Password field, type the password you specified for your keystore (when you registered with the RIM Signing Authority).
- In the Bundle Number field, type the bundle number for your app (for example, 1.0.0.x, where x is the bundle number). After you sign the app, this number automatically increases by 1.
- Close the
Settings window to save your changes.
The fields in the Build section need to be filled in as well because you are building the app, then signing it. For more information about the build settings, see Package with the Ripple emulator.
Now, you can sign the app:
- Select the Build panel.
- If the build and deploy services are not currently running, click Start Services.
- Select Package & Sign.
The Ripple emulator builds and signs your app. Make sure that you pay attention to the console messages to determine whether signing is successful. The Ripple emulator indicates when the package and build is completed successfully, but does not determine the status of app signing.
After the process completes successfully, the .zip and signed .bar files for the app are stored in the output folder that you specified in the settings.
Last modified: 2014-03-10