This section provides information on the guidelines that the certapp tool follows to process various entities in the input files used to create certificate store files.
Note: Input text files can be 7-bit text or UTF-8. If a file is UTF-8, it can optionally start with a UTF-8 Byte Order Marker. This is the marker that Windows uses when saving files as UTF-8.
In input files, the certapp tool treats white space (space, tab, carriage return and line feed characters) only as a separator between tokens and otherwise ignores it, so input files are not tied to the line-ending convention of the platform on which the tool runs.
The certapp tool treats a series of bytes within double quote characters (in the input files) as a single token.
A double quote character can be included in a double-quoted string by preceding it with a backslash, as shown in the following example:
This is how you include \" in a double-quoted string.
A backslash character can be included in a double-quoted string by preceding it with another backslash, as shown in the following example:
This is how you include \\ in a double-quoted string.
The double quote syntax can be used to set any text field value, such as the certificate label, to any UTF-8 value, including quote characters, spaces, multi-byte UTF-8 sequences and so on.
Note: UTF-8 is defined such that every byte of a multi-byte sequence is 0x80 or above, so a multi-byte sequence never contains a backslash (0x5C) or double quote (0x22) byte; the escape rules above therefore cannot corrupt non-ASCII text.
All enumerated values can be specified as numeric values, though using text values is strongly recommended.
Any numeric value can be entered in decimal as a raw number or in hexadecimal by prefixing the number with 0x.
For a certificate, a capability set is a list of capabilities allowed in applications that have the certificate as their trust anchor. Capability set values can be specified as numeric bit offsets (starting from 0), though using text values is strongly recommended, as shown in the following example:
CapabilitySet {ProtServ DiskAdmin NetworkControl AllFiles SwEvent NetworkServices LocalServices}
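The tokenization and value rules above (white space as the only separator, double-quoted strings with the two escapes, decimal or 0x-prefixed numbers, and a capability set given as names or as bit offsets) as an added worked example in Python. This is not certapp's own parser. The bit offsets in CAPABILITY_BITS are assumed to be those of Symbian's e_capability.h and should be checked against your SDK; the field names in the constructed sample input are illustrative only.

```python
import re
from dataclasses import dataclass

NUMBER_RE = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")
WHITESPACE = " \t\r\n"          # the only separators certapp recognises
DELIMITERS = WHITESPACE + '{}"'


@dataclass(frozen=True)
class Token:
    kind: str      # "string" (double-quoted), "number", "word", "lbrace" or "rbrace"
    value: object


def _read_quoted(text, i):
    """Read a double-quoted string; i points just past the opening quote.
    Only \\" and \\\\ are escapes; anything else after a backslash is rejected
    rather than silently dropped, so a typo cannot alter a label unnoticed."""
    buf = []
    while i < len(text):
        c = text[i]
        if c == "\\":
            if i + 1 >= len(text) or text[i + 1] not in '"\\':
                raise ValueError("only \\\" and \\\\ are valid escapes")
            buf.append(text[i + 1])
            i += 2
        elif c == '"':
            return i + 1, "".join(buf)
        else:
            buf.append(c)
            i += 1
    raise ValueError("unterminated double-quoted string")


def tokenize(data: bytes):
    """Split a certapp-style input file into tokens.
    'utf-8-sig' accepts 7-bit ASCII and UTF-8 alike and strips an optional BOM.
    Escapes are handled after decoding, but doing so on raw bytes would be as
    safe: no byte of a multi-byte UTF-8 character is a quote or a backslash."""
    text = data.decode("utf-8-sig")
    tokens, i, n = [], 0, len(text)
    while i < n:
        c = text[i]
        if c in WHITESPACE:
            i += 1
        elif c in "{}":
            tokens.append(Token("lbrace" if c == "{" else "rbrace", c))
            i += 1
        elif c == '"':
            i, value = _read_quoted(text, i + 1)
            tokens.append(Token("string", value))
        else:
            j = i
            while j < n and text[j] not in DELIMITERS:
                j += 1
            word, i = text[i:j], j
            if NUMBER_RE.fullmatch(word):   # decimal, or hexadecimal with 0x prefix
                tokens.append(Token("number", int(word, 16) if word[:2].lower() == "0x" else int(word)))
            else:
                tokens.append(Token("word", word))
    return tokens


# Bit offsets for the capability names (assumed from Symbian's e_capability.h;
# verify against your SDK). Using the names avoids off-by-one mistakes.
CAPABILITY_BITS = {
    "TCB": 0, "CommDD": 1, "PowerMgmt": 2, "MultimediaDD": 3,
    "ReadDeviceData": 4, "WriteDeviceData": 5, "DRM": 6, "TrustedUI": 7,
    "ProtServ": 8, "DiskAdmin": 9, "NetworkControl": 10, "AllFiles": 11,
    "SwEvent": 12, "NetworkServices": 13, "LocalServices": 14,
    "ReadUserData": 15, "WriteUserData": 16, "Location": 17,
    "SurroundingsDD": 18, "UserEnvironment": 19,
}


def parse_capability_set(tokens, pos=0):
    """Parse 'CapabilitySet { ... }' at tokens[pos]; return (bitmask, next_pos).
    Names and numeric bit offsets may be mixed; unknown names and out-of-range
    offsets are errors rather than being guessed at."""
    if tokens[pos] != Token("word", "CapabilitySet") or tokens[pos + 1].kind != "lbrace":
        raise ValueError("expected 'CapabilitySet {'")
    mask, pos = 0, pos + 2
    while tokens[pos].kind != "rbrace":
        tok = tokens[pos]
        if tok.kind == "number":
            bit = tok.value
        elif tok.kind == "word" and tok.value in CAPABILITY_BITS:
            bit = CAPABILITY_BITS[tok.value]
        else:
            raise ValueError("unknown capability %r" % (tok.value,))
        if not 0 <= bit < len(CAPABILITY_BITS):
            raise ValueError("capability bit %d out of range" % bit)
        mask |= 1 << bit
        pos += 1
    return mask, pos + 1


# Constructed sample input: UTF-8 BOM, escaped quote and backslash, CRLF and LF
# line endings, and a capability set mixing names with hex and decimal offsets.
SAMPLE = ("\ufeff"
          'Label "Root \\"CA\\" \\\\ 2009"\n'
          "SubjectKeyId auto\r\n"
          "CapabilitySet {ProtServ 0x9 10 AllFiles SwEvent NetworkServices LocalServices}\n"
          ).encode("utf-8")

if __name__ == "__main__":
    toks = tokenize(SAMPLE)
    print(toks[1].value)                                # Root "CA" \ 2009
    print(hex(parse_capability_set(toks, 4)[0]))        # 0x7f00
```

Rejecting unknown escapes and unknown capability names, instead of skipping them, is the choice a practitioner wants here: a silently mangled label or a dropped capability in a trust-anchor definition is the kind of mistake that only surfaces at install time.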
It is recommended that you set the SubjectKeyId field to an auto value in the input file for creating the certificate store file. In addition, set the IssuerKeyId field either to auto or to an empty octet string.
When the SubjectKeyId and the IssuerKeyId fields are set to auto or if you omit setting values for these fields in the input file, the certapp tool performs its own processing to determine their values. The following sub-sections provide the details.
Setting SubjectKeyId to auto
When SubjectKeyId is set to auto or if the field is omitted, the following algorithm is used for determining the value of the field:
If the store type is not SWI certificate store, the certificate type is not user, and an X.509 SubjectKeyIdentifier extension with length less than or equal to 20 bytes is present, then the value of this extension is used as the value of the SubjectKeyId field.
Otherwise, the value of the SubjectKeyId field is calculated from the certificate's public key using a Symbian-specific algorithm.
The SubjectKeyId field value is stored in the certificate metadata and can be used by applications when querying the certificate store using a filter.
Setting IssuerKeyId to auto
If the IssuerKeyId field is set to auto or if the field is omitted, the following algorithm is used for determining the value of the field:
If the store type is not SWI certificate store, and an X.509 AuthorityKeyIdentifier extension with length less than or equal to 20 bytes is present, then the value of this extension is used as the value of the IssuerKeyId field. An authority key identifier identifies the public key that was used to sign the certificate.
Otherwise, if exactly one certificate is present in the certificate store whose subject matches the issuer of the original certificate (the one for which the IssuerKeyId is to be set), the IssuerKeyId is set to the SubjectKeyId of the matching certificate.
Note: When generating IssuerKeyId values for SWI store certificates, all certificates within the SWI certificate store are considered. When generating values for a file certificate store, all certificates in both the SWI certificate store and the file certificate store are considered.
Otherwise (no matching certificate, or more than one), the IssuerKeyId is set to an empty octet string.
The IssuerKeyId field value is stored in the certificate metadata and can be used by applications when querying the certificate store using a filter. If applications need to filter certificates by IssuerKeyId, set the field to auto; otherwise set it to an empty octet string (for example, '').
Note: For a certificate that is not of type X.509, if you do not want the IssuerKeyId and SubjectKeyId fields to be auto or empty octet strings, you can set them to explicit octet strings, as explained in the following sub-section.
Setting SubjectKeyId and IssuerKeyId to octet strings
Consider the following example of an octet string value to which you can set the SubjectKeyId field:
SubjectKeyId '01:02:03'
The SubjectKeyId field is set to an octet string consisting of the bytes 0x01, 0x02 and 0x03.
The string can be 0 to 20 bytes long. The length limit is imposed by the certificate store metadata structure; the usual values are SHA-1 hashes of certificate fields and hence 20 bytes long.
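The auto-resolution rules for SubjectKeyId and IssuerKeyId from the two sub-sections above, together with the explicit octet-string syntax, as an added worked example in Python on a simplified certificate model. This is not certapp's own code. The page does not specify the Symbian-specific algorithm that derives a key id from the public key, so symbian_key_id() uses SHA-1 of the key bytes as a stand-in (an assumption; real certapp values will differ). The certificates and keys below are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

SWI_STORE, FILE_STORE = "swi", "file"
MAX_KEY_ID_LEN = 20          # limit imposed by the store metadata structure


@dataclass
class Cert:
    """Simplified certificate: only the fields the key-id rules look at."""
    subject: str
    issuer: str
    public_key: bytes
    cert_type: str = "ca"                    # "user" certs never take their SKI extension
    ski_ext: Optional[bytes] = None          # X.509 SubjectKeyIdentifier extension value
    aki_ext: Optional[bytes] = None          # X.509 AuthorityKeyIdentifier key id
    subject_key_id: Optional[bytes] = None   # values resolved for the store metadata
    issuer_key_id: Optional[bytes] = None


def parse_octet_string(text: str) -> bytes:
    """Parse the '01:02:03' syntax; '' is the empty octet string."""
    if len(text) < 2 or text[0] != "'" or text[-1] != "'":
        raise ValueError("octet string must be enclosed in single quotes")
    body = text[1:-1]
    value = bytes(int(h, 16) for h in body.split(":")) if body else b""
    if len(value) > MAX_KEY_ID_LEN:
        raise ValueError("key id longer than %d bytes" % MAX_KEY_ID_LEN)
    return value


def symbian_key_id(public_key: bytes) -> bytes:
    """Stand-in for the Symbian-specific algorithm (assumption): SHA-1 of the
    public key bytes, which is also why the usual values are 20 bytes long."""
    return hashlib.sha1(public_key).digest()


def resolve_subject_key_id(cert: Cert, store_type: str, setting=None) -> bytes:
    if setting not in (None, "auto"):            # explicit octet string wins
        return parse_octet_string(setting)
    if (store_type != SWI_STORE and cert.cert_type != "user"
            and cert.ski_ext is not None and len(cert.ski_ext) <= MAX_KEY_ID_LEN):
        return cert.ski_ext
    return symbian_key_id(cert.public_key)


def resolve_issuer_key_id(cert: Cert, store_type: str, swi_store: List[Cert],
                          file_store: List[Cert], setting=None) -> bytes:
    if setting not in (None, "auto"):
        return parse_octet_string(setting)
    if (store_type != SWI_STORE and cert.aki_ext is not None
            and len(cert.aki_ext) <= MAX_KEY_ID_LEN):
        return cert.aki_ext
    # SWI store: only SWI certs are candidates; file store: SWI plus file certs.
    candidates = list(swi_store) if store_type == SWI_STORE else list(swi_store) + list(file_store)
    matches = [c for c in candidates if c.subject == cert.issuer]
    if len(matches) == 1:
        return matches[0].subject_key_id
    return b""    # no issuer present, or an ambiguous subject: empty octet string


def build_store(store_type: str, certs: List[Cert], swi_store=()) -> List[Cert]:
    """Resolve both ids for every cert. Subject ids are resolved first so that
    issuer matching can copy them. For a file store, pass the already-built
    SWI store so its certificates are considered as issuers."""
    if store_type == SWI_STORE:
        swi_store = certs
    for c in certs:
        c.subject_key_id = resolve_subject_key_id(c, store_type)
    for c in certs:
        c.issuer_key_id = resolve_issuer_key_id(c, store_type, swi_store, certs)
    return certs


# Constructed sample stores (keys are placeholders, not real key material).
SWI_CERTS = [Cert("Root CA", "Root CA", b"root-key", ski_ext=b"\x11" * 20)]
FILE_CERTS = [
    Cert("Sub CA", "Root CA", b"sub-key", ski_ext=b"\x22" * 20),
    Cert("alice", "Sub CA", b"alice-key", cert_type="user", ski_ext=b"\x33" * 20),
    Cert("bob", "Other CA", b"bob-key", aki_ext=b"\x44" * 20),
    Cert("carol", "Dup CA", b"carol-key"),          # two "Dup CA" subjects: ambiguous
    Cert("Dup CA", "Root CA", b"dup-key-1"),
    Cert("Dup CA", "Root CA", b"dup-key-2"),
]

if __name__ == "__main__":
    build_store(SWI_STORE, SWI_CERTS)
    build_store(FILE_STORE, FILE_CERTS, SWI_CERTS)
    for c in SWI_CERTS + FILE_CERTS:
        print("%-7s subj=%s issuer=%s" % (c.subject, c.subject_key_id.hex(), c.issuer_key_id.hex()))
```

The sample exercises each branch: the SWI root ignores its own SKI extension and gets the derived value, Sub CA in the file store keeps its extension and inherits the root's SubjectKeyId as its IssuerKeyId, the user certificate alice gets a derived SubjectKeyId despite carrying an extension, bob's AuthorityKeyIdentifier is used directly, and carol ends up with an empty IssuerKeyId because two certificates share her issuer's subject, which is exactly the case where a filter on IssuerKeyId would silently miss her.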