Signing a MIDlet suite allows MIDP devices to verify the integrity and origins
of your MIDlet suite. MIDP devices use signing information to check an application's
source and validity before allowing it to access protected APIs. To sign a MIDlet
suite, you create a key pair:
A private
key that is used to create a digital signature, or certificate.
A public
key that can be used by anyone to verify the authenticity of the signature.
Each
certificate has a designated security
domain.
Once
your MIDlet suite has been verified, it can access any of the protected
APIs permitted by its security domain.
Although the security domains available vary from device to device, the following
security domains are supported by the IDE and the default emulator platform,
the Sun Java Wireless Toolkit:
Trusted. A MIDlet suite with a JAR file that is both signed with
a certificate chain that the device can verify and has not been tampered
with.
Untrusted. A MIDlet suite for which the origin and the integrity
of the JAR file cannot be trusted by the device (for example, unsigned MIDlet
suites).
Minimum. A security domain where all permissions to protected APIs
are denied, including access to push functionality and network protocols.
You can sign a MIDlet suite by:
using the default keystore (with the security domains described above).
importing a key pair from an existing
keystore.
creating a new key pair.
You then have to export the certificate
and set its security domain in each emulator.
MIDlet signing is only available for projects whose
profile version is set to MDP 2.0. For information on setting the project
profile version, see Customizing Platform
Properties.
For more information about Java ME security features, see "Security for
MIDP Applications and Trusted MIDlet Suites Using X.509 PKI" in the MIDP
2.0 specification. You can download the specification from: