The security tool, certapp, is a PC-side tool that creates and manages Symbian certificate stores. It can be configured to run as a standalone tool on both Windows and Linux platforms.
The Symbian platform provides implementations of two types of certificate store: the native Software Install (SWI) Certificate Store (swicertstore) and the File Certificate Store (filecertstore). The certapp tool enables the creation, augmenting, dumping and debugging of both certificate stores. The tool also enables the dumping of certificates.
To use certapp effectively, you must have a basic understanding of the following:
A certificate is an electronic document that binds a user's identity to a particular public/private key pair. It is commonly used to authenticate cryptographic public keys.
Certificates are issued by a Certification Authority (CA). They usually include information such as a label, serial number, validity period, certificate format (for example, X.509) and algorithm type (for example, MD2RSA).
The certificate files managed by certapp must be in one of the following formats:
A certificate store is a database file that can store and manipulate certificates. The certificate store handles operations such as storing and retrieving certificates, assigning trust status to certificates on an application-by-application basis, constructing and validating certificate chains and checking online certificate revocation.
The file certificate store holds certificates for use by various applications that involve some authentication process. For example, it may contain certificates suitable for SSL/TLS server authentication.
The file certificate store is implemented as a software plug-in which accesses two files that must be included in a device’s ROM, and are copied to the C: drive on first use. They are:
cacerts.dat: The physical file certificate store itself, which holds the actual certificates and their associated metadata, including the application UIDs to which the certificates apply.
certclients.dat: The certificate applications store that holds a list of the human-readable names and UIDs of applications that trust the certificates held in cacerts.dat.
A SWI certificate store holds the trust anchors necessary to validate all SIS files that will be installed on the device. Physically, the certificates are held in a data file, swicertstore.dat. There are two parts to the SWI certificate store, an immutable store held in ROM and a writeable store that may be updated post market.
The certapp tool reads a series of input files containing certificate details, merges the input file data in memory, and writes the merged data into appropriate certificate store output files. Run the tool from the command line by specifying the input and output file names as arguments. For details of the command line arguments, see certapp Reference.
The tool accepts data files as inputs for operations such as creating a certificate store, dumping a certificate store or certificates to human-readable form, and augmenting a certificate store. The data files can be in either binary or human-readable form. These files typically contain details of individual certificates and the applications that the certificates validate. Many such data files can be merged together using the certapp tool to create one or more certificate store database files.
Database files are typically the certificate store files created as output when you provide data files as inputs to the tool. The database files can be created for both the SWI certificate store (swicertstore.dat) and the file certificate store (cacerts.dat and certclients.dat).
Notes:
The input files for the various certificate stores must follow specific formats. For details, see Certificate Store Human-Readable File Formats.
For information on how the certapp tool processes the information given in the input files to generate output files, see How certapp Processes Input File Information.
The certapp tool helps in performing the following tasks:
Creating a certificate store
Dumping a certificate store to human-readable form
Augmenting a certificate store
For details, see Using certapp.