Welcome!

Welcome to the Official BlackBerry Support Community Forums. This is your resource to discuss support topics with your peers, and learn from each other. New to the forum? Please visit the ‘Getting Started’ link below.
All New Topics | All New Posts
inside custom component

Java Development

Reply
Topic Options
Yevgeniy
New Contributor
Yevgeniy
Posts: 2
Registered: ‎08-30-2011
My Carrier: Blackberry developer
Accepted Solution

Protecting the SQLite database

[ Edited ]
Options

‎08-30-2011 12:56 PM - edited ‎08-30-2011 01:07 PM

Hi All,

 

In my app I have a database which must be protected with a key to restrict other apps on this device from accessing it.

 

The problem is that I cannot get the signing key in runtime: whatever I do the CodeSigningKey.get(...) always returns null.

 

This is my code:

        final CodeSigningKey key = CodeSigningKey.get(AbstractDB.class);
        if (key != null) {
            Log.d("+ GOT SIGNING KEY");
            final DatabaseSecurityOptions secopt = new DatabaseSecurityOptions(key);
            db = DatabaseFactory.create(name,  secopt);
        } else {
            Log.d("- SIGNING KEY IS NULL");
        }

 I have downloaded Signing Authority Tool and created a TEST.key using it, and put it in {project_root}/keys/TEST.key in my Eclipse project.

Also, I've doule-clicked TEST.key in Eclipse and selected AbstractDB class to be signed with it.

 

I run my app on a real device, not in the simulator.

 

I run it as follows:

1. start debugging on a device - this initiates packaging and siging the .cod file. (However, in the signing tool window I get a warning about my TEST.key: "Not registered" and "Please contact the signer and register with the Signing Authority.")

2. with Signing Authority Tool I sign my .cod file obtained on step 1 using my TEST.key

3. I click debug on device once again, and the signing tool signs the main .cod file again, and then the app starts on the device.

 

However, the key I get from CodeSigningKey.get(..) is always null.

 

What do I do wrong?

Report Inappropriate Content
Message 1 of 2 (1,753 Views)
Reply
0 Likes
Please use plain text.
 
Yevgeniy
New Contributor
Yevgeniy
Posts: 2
Registered: ‎08-30-2011
My Carrier: Blackberry developer

Solution

[ Edited ]
Options

‎08-31-2011 06:13 AM - edited ‎08-31-2011 06:14 AM

First of all, you needed an object instance in CodeSigningKey.get(...), like get(this). However, there is one thing you should aware of: if your object extends some classes and/or implements some interfaces, then ALL of those must be signed with same key in order to work. If any of ancestor classes/interfaces is not signed you will get null.

 

This can be a problem if your hierarchy is deep enough. Information about which classes are signed with which keys is stored in BlackBerry_App_Descriptor.xml, and copied into parameters of signing tool when you click Debug. It may happen that command line gets too long so the signing tool fails with "Invalid parameter" message in the console.

 

So I've extracted a class specially for the signing purpose:

final public class SignatureClass {
    private static final SignatureClass INSTANCE = new SignatureClass();

    private SignatureClass(){}

    public static CodeSigningKey getKey(){
        return CodeSigningKey.get(INSTANCE);
    }
}

I sign only this class with my key and use SignatureClass.getKey() to get the key.

 

PS: Also, if you move/rename classes or keys check that signing references in the BlackBerry_App_Descriptor.xml are valid. They aren't updated automatically.



Report Inappropriate Content
Message 2 of 2 (1,726 Views)
Reply
0 Likes
Please use plain text.