02-14-2010 05:21 AM
I have a library that contains classes that requires signing in order to use restricted API:s. One of the functions in the library uses "Persistent Storage". My application accesses this library module by an import of the library and then instanciates and calls the function I need.
Is it sufficient to have the library signed or does the application calling the library need signing too?
Is it possible to set the simulator so it actually tests that the modules using restricted API:s are signed correctly?
Solved! Go to Solution.
02-14-2010 06:42 AM
Check the simulator setting "Enable device security". When this setting is enabled, the simulator checks signatures almost like an actual handheld would. For your purposes, that should be good enough. If your module is missing a required signature, the simulated handheld will complain same as a normal handheld would.
02-14-2010 06:46 AM
Regarding the need for signing of an application that only accesses non-restriced APIs from a library, I don't think you need to sign the application. You should still check whether the application has enough signatures to perform its other functions, such as showing something on the screen.
P.S. You can restrict access to your library's APIs using code signing too.
02-14-2010 07:10 AM
Not sure what you mean by
>Regarding the need for signing of an application that only accesses non-restriced APIs from a library, I >don't think you need to sign the application. You should still check whether the application has enough >signatures to perform its other functions, such as showing something on the screen.
The functions in the library do access restricted API:s. The application uses these functions by importing and instanciating these functions from the library. So my question was if the need for signing is propagated upwards to the application or if it is enough to have the library signed. The actual "use" of the restricted API is in the application.
Since I can test this with the simulator I can possibly answer it by testing.
02-14-2010 07:44 AM
What is meant is that you can restrict access (using code signing) to the APIs exported by your library.
Also, I'm not 100% sure, but I believe some RIM methods check whether all code on the call stack (as opposed to just the calling method) is signed with a certain RIM key.
02-14-2010 07:56 AM
I will test it using the simulator. Will report back if it works