Security Tools Overview

The security tool, certapp, is a PC-side tool that creates and manages Symbian certificate stores. It can be configured to run as a standalone tool on both Windows and Linux platforms.

Purpose

The Symbian platform provides implementations of two types of certificate store, the native Software Install (SWI) Certificate Store (swicertstore) and the File Certificate Store (filecertstore). The certapp tool enables the creation, augmenting, dumping and debugging of both the certificate stores. In addition, the tool also enables the dumping of certificates.

Required background

To use certapp effectively, you must have a basic understanding of the following:

Key concepts and terms

Certificate

A certificate is an electronic document that binds a user's identity to a particular public or private key pair. It is commonly used to authenticate cryptographic public keys.

Certificates are issued by a Certification Authority (CA). They usually include information such as a label, serial number, validity period, certificate format (for example, X.509) and algorithm type (for example, MD2RSA).

The certificate files managed by certapp must be in one of the following formats:

  • X.509 Privacy Enhanced Mail (PEM)

  • X.509 Distinguished Encoding Rules (DER)

  • Wireless Transport Layer Security (WTLS)

Certificate Store

A certificate store is a database file that can store and manipulate certificates. The certificate store handles operations such as storing and retrieving certificates, assigning trust status to certificates on an application-by-application basis, constructing and validating certificate chains and checking online certificate revocation.

File Certificate Store

The file certificate store holds certificates for use by various applications that involve some authentication process. For example, it may contain certificates suitable for SSL/TLS server authentication.

The file certificate store is implemented as a software plug-in which accesses two files that must be included in a device’s ROM, and are copied to the C: drive on first use. They are:

  • cacerts.dat: The physical file certificate store itself which holds the actual certificates and their associated metadata, including the application UIDs, to which the certificates apply. .

  • certclients.dat: The certificate applications store that holds a list of the human-readable names and UIDs of applications that trust the certificates held in cacerts.dat.

Software Install (SWI) Certificate Store

A SWI certificate store holds the trust anchors necessary to validate all SIS files that will be installed on the device. Physically, the certificates are held in a data file, swicertstore.dat. There are two parts to the SWI certificate store, an immutable store held in ROM and a writeable store that may be updated post market.

Description

The certapp tool reads a series of input files containing certificate details, merges the input file data in memory, and writes the merged data into appropriate certificate store output files. Run the tool from the command line by specifying the input and output file names as arguments. For details of the command line arguments, see certapp Reference.

The tool accepts data files as inputs for operations such as creating a certificate store, dumping a certificate store or certificates to human-readable form and augmenting a certificate store. The data files can be in either binary or human-readable forms. These files typically contain details of individual certificates and the applications that the certificates validate. Many such data files can be merged together using the certapp tool to create one or more certificate store database files.

Database files are typically the certificate store files created as output when you provide data files as inputs to the tool. The database files can be created for both the SWI certificate store (swicertstore.dat) and the file certificate store (cacerts.dat and certclients.dat).

Notes:

Typical uses

The certapp tool helps in performing the following tasks:

  • Creating a certificate store

  • Dumping a certificate store to human-readable form

  • Augmenting a certificate store

For details, see Using certapp.

Related concepts