Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Native Development

Reply
Developer
Apodidae
Posts: 57
Registered: ‎10-29-2010
My Device: Z10 LE, PlayBook
My Carrier: T-Mobile

New code-signing process and contractors...

With signing keys being tied to BlackBerry IDs, I'm wondering how this will affect me as a contractor.

 

Currently, I code for several different companies. They send me their signing key backup file, which I load into Momentics (I have different users set up on my computer for each account). This lets me use their company signing keys for their contract, and apps are not tied to my own set of keys. I don't have access to their BlackBerry ID, vendor portal, or other areas tied to their BlackBerry ID. I just code, debug, test, and give them to signed application, which they test and load into their vendor portal or MDM.

 

With the new setup, does this mean I won't be able to use the same process? Will I need to have access to their BlacBerry ID, vendor portal, and all other things tied to their BlackBerry ID (doesn't seem very secure)? Or am I going to have to only use developer mode and have them set up (and keep updated) a computer with all of the development tools so they can sign it themselves before distributing? Right now, they don't have any of that set up, letting me do the grunt work for them.

 

I'm just trying to figure out how to implement this new process without creating any headaches for the different contracts I have in place.

Please use plain text.
Developer
ekke
Posts: 1,460
Registered: ‎04-08-2010
My Device: Z10 (red Limited Edition), Q10, Z30
My Carrier: Telekom.de, O2, Vodafone

Re: New code-signing process and contractors...

from my understanding you can still work the 'old' way.

Using signing keys linked to BB ID is only a convenient way to do this

-------------------------------------------------------------------------------
ekke (independent software architect, rosenheim, germany)

BlackBerry Elite Developer
International Development Mobile Apps BlackBerry 10 Cascades
Cascades - Workshops / Trainings / Bootcamps

Open Source Enthusiast
blog: http://ekkes-corner.org videos: http://www.youtube.com/user/ekkescorner
bb10-development: http://appbus.org Twitter: @ekkescorner
Please use plain text.
Developer
simon_hain
Posts: 16,017
Registered: ‎07-29-2008
My Device: Z10 LE
My Carrier: O2 Germany

Re: New code-signing process and contractors...

you can continue to use the old process afaik.
----------------------------------------------------------
feel free to press the like button on the right side to thank the user that helped you.
please mark posts as solved if you found a solution.
@SimonHain on twitter
Please use plain text.
Administrator
MSohm
Posts: 14,433
Registered: ‎07-09-2008
My Device: BlackBerry Z30, BlackBerry PlayBook
My Carrier: Bell

Re: New code-signing process and contractors...

You could still use the workflow you describe for BlackBerry ID.  The only change would be that your customer would log into their BlackBerry ID account, download their BlackBerry ID token and send that to you.

 

The previous method for code signing is still supported as well.

Mark Sohm
BlackBerry Development Advisor

Please refrain from posting new questions in solved threads.
Problem solved? Click the Accept As Solution button.
Found a bug? Report it using Issue Tracker
Please use plain text.
Developer
peter9477
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: New code-signing process and contractors...

For future reference to newcomers, this thread relates to the new BBID approach to code signing described in Mark's blog post here: http://devblog.blackberry.com/2013/08/code-signing-keys-be-gone-welcome-blackberry-id/

Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
Please use plain text.
Developer
peter9477
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: New code-signing process and contractors...

Mark, about the "you could still use the workflow you describe for BlackBerry ID", can you expand a bit on how one would handle this arrangement with multiple signing keys in parallel use (for different projects)?

I've got my own keys from before (with barsigner.csk, author.p12 etc where they should be) and it's working fine from the command line.

I've got a customer who needs their own signing credentials, but would prefer not to install the NDK etc just to sign stuff. (You guys should really decouple the command line utilities like bb-signer and bb-deploy and such from the NDK, so they can be a small separate download and have useful GUI tools built up around them, but that's a topic for another thread.)

Assuming they log into the Jam Zone and get their new BBID token, and send it to me, what else is required on their part and what do I need to do to manage the two sets of keys?

From what I can tell, someone still needs to request signing keys (i.e. the CSJ files) from the SignedKeys/ web form. Those are useless without the command line tools, however, so presumably they have to send those to me to create a developer certificate (on their behalf).

Creating a certificate may overwrite (?) the existing author.p12 and barsigner.csk/db files, so I presumably have to juggle those (preserve old ones first) myself, unless the tools provide a way to store them elsewhere and point to which set to use.

I feel like I should start a knowledgebase article about all this stuff, but I don't have the background info to start yet. Maybe if you can give some guidance on the above I can start putting that into a clear overview of what the pieces are, how they're used, and best practices for working with them in special situations such as subcontract arrangements like I and the OP appear to have.

Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
Please use plain text.
Administrator
MSohm
Posts: 14,433
Registered: ‎07-09-2008
My Device: BlackBerry Z30, BlackBerry PlayBook
My Carrier: Bell

Re: New code-signing process and contractors...

A KB article for this scenario sounds like a great idea.  I've added it to my todo list and will create one.  I'll post a link to it in this thread once it's live.

Mark Sohm
BlackBerry Development Advisor

Please refrain from posting new questions in solved threads.
Problem solved? Click the Accept As Solution button.
Found a bug? Report it using Issue Tracker
Please use plain text.
Developer
peter9477
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: New code-signing process and contractors...

We've provisionally gone the route of my client getting his BBID token and sending it to me with the password, and me signing the app for him, using 10.2.

 

To make this work, at first I tried just blindly executing the "blackberry-signer -bbidtoken" as shown in the utility's own help, without touching my existing keys (other than backing them up again) and the first response was:

c:\>blackberry-signer -bbidtoken bbidtoken.csk -storepass PASSWORD Signing-test.bar
Error: Failed to decrypt keystore, invalid store password or store password not supplied.

I tried again with the wrong password and got this:

c:\>blackberry-signer -bbidtoken bbidtoken.csk -storepass WRONGPASSWORD Signing-test.bar
Error: The specified CSK password is not valid.

The error was obviously with something other than the bbidtoken.csk and the only other file involved had to be my existing author.p12 (for my own company).

 

I generated a new author.p12 file with "blackberry-keytool -genkeypair -keystore author.p12 -storepass PASSWORD -author "Client Name" and copied that to the expected location in C:\Documents and Settings\<username>\Local Settings\Application Data\Research In Motion.  Note that I used the SAME password as the bbidtoken.csk password, since the example command appeared to indicate that this was necessary (though possibly with more arguments it would not be).

 

Trying again:

N:\xfer>blackberry-signer -bbidtoken bbidtoken.csk -storepass PASSWORD Signing-test.bar
Info: Bar signed.

The file installs fine and runs. Checking the MANIFEST.MF I see that it has the desired Package-Author field ("Client Name") which must come from the -author argument used to make the .p12 file.

 

If any of that is Doing it Wrong, please let me know. We're trying the install on his BES10 tomorrow.


Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
Please use plain text.
Administrator
MSohm
Posts: 14,433
Registered: ‎07-09-2008
My Device: BlackBerry Z30, BlackBerry PlayBook
My Carrier: Bell

Re: New code-signing process and contractors...

That looks correct, assuming the BlackBerry ID Token is from the appropriate BlackBerry ID account (the company you are making the app for).

Mark Sohm
BlackBerry Development Advisor

Please refrain from posting new questions in solved threads.
Problem solved? Click the Accept As Solution button.
Found a bug? Report it using Issue Tracker
Please use plain text.
Administrator
MSohm
Posts: 14,433
Registered: ‎07-09-2008
My Device: BlackBerry Z30, BlackBerry PlayBook
My Carrier: Bell

Re: New code-signing process and contractors...

The knowledge base article for this is now live:

 

BlackBerry 10 Code Signing Guide for Contractors with Multiple Clients

Mark Sohm
BlackBerry Development Advisor

Please refrain from posting new questions in solved threads.
Problem solved? Click the Accept As Solution button.
Found a bug? Report it using Issue Tracker
Please use plain text.