Configure app signing from the command-line

The following steps help you configure your computer to sign apps. You should perform these steps only once.

For information about configuring app signing using the Momentics IDE, see Configure application signing in the IDE .

You can find blackberry-signer and blackberry-keytool in the bin subfolder where you installed the BlackBerry 10 Native SDK for the BlackBerry 10 OS.

Before you begin:

  • Create a BlackBerry ID token to be able to sign BlackBerry 10 OS applications. Once you confirm your password, the keystore file you download will contain your signing token.
  • If you connect to the Internet through a proxy server, you must specify additional command line options to contact the BlackBerry Signing Authority. For more information about using a proxy server from the command line, see Use a proxy server from the command-line.

Register with the BlackBerry Signing Authority using the blackberry-signer tool. You need to specify a keystore password in the -storepass parameter, as well as the pathname to the app signing .csk file you downloaded.

blackberry-signer -storepass KeystorePassword

After you finish:

The following command creates a Developer Certificate, and the password you specify in the -storepass parameter allows you to use the .p12 file to sign BAR files. You should protect the .p12 file and its password.

blackberry-keytool -genkeypair -storepass <storepass> -dname "cn=<company_name>" 
For more information about the command line tools used in this task, please see blackberry-signer tool parameters and blackberry-keytool parameters.

Use a proxy server from the command-line

During the signing process, your computer connects to the BlackBerry Signing Authority. If your computer connects to the internet through a proxy server, append the following these additional options to the blackberry-signer and blackberry-debugtokenrequest commands.



-proxyhost host

The network host that provides the proxy service. The host parameter can be an IP address or a fully qualified domain name.

-proxyport port

The port number that the blackberry-signer and blackberry-debugtokenrequest use to communicate with the BlackBerry Signing Authority.


user name

The user name to use when the proxy server requires authentication.



The password to use when your proxy server requires authentication.

Example: blackberry-signer command line

blackberry-signer -proxyhost -proxyport 80 -register 
                -csjpin PIN -storepass KeystorePassword AppSigningCSJFile DebugTokenCSJFile

Example: blackberry-debugtokenrequest command line

blackberry-debugtokenrequest -proxyhost -proxyport 80 -storepass password -devicepin device-pin [options] debug-token-bar-file

blackberry-keytool parameters

You can use the blackberry-keytool tool to generate a code-signing certificate.




Instructs the tool to generate a pair of mathematically related values used to encrypt and decrypt data. Data encrypted with one value must be decrypted by the other value. Anyone can verify that an application encrypted with one value, which is kept private (signed using the private key), by decrypting it with the other value (the public key).


Specifies the location of the file that contains the public and private key pair.


Specifies the password that is used to control access to the key store.


Specifies the name to associate with the certificate that the tool creates. The value for this parameter must match exactly:
  • the name you entered in the Company field on the web form to request permission to sign applications
  • the publisher element in your BAR application descriptor file (bar-descriptor.xml file)


Refers to an entry in the key store database. The value for this parameter must be the literal value author.

blackberry-signer tool parameters

You can use the blackberry-signer tool to communicate with the RIM Signing Authority, and sign your application.




Instructs the tool to generate a pair of mathematically related values used to encrypt data exchanged during communication with the RIM Signing Authority.


This parameter specifies the password that is used to control access to the key pair created by using the csksetup parameter


This parameter instructs the tool to request that the RIM Signing Authority associate a CSJ registration file with the public key that is created by using the csksetup parameter


This parameter specifies the PIN for the CSJ registration file that is submitted during a registration request.

CSJ file

This parameter specifies the location of the Developer Certificate from the RIM Signing Authority.

Last modified: 2013-12-21

comments powered by Disqus