08-19-2013 10:36 AM
With signing keys being tied to BlackBerry IDs, I'm wondering how this will affect me as a contractor.
Currently, I code for several different companies. They send me their signing key backup file, which I load into Momentics (I have different users set up on my computer for each account). This lets me use their company signing keys for their contract, and apps are not tied to my own set of keys. I don't have access to their BlackBerry ID, vendor portal, or other areas tied to their BlackBerry ID. I just code, debug, test, and give them to signed application, which they test and load into their vendor portal or MDM.
With the new setup, does this mean I won't be able to use the same process? Will I need to have access to their BlacBerry ID, vendor portal, and all other things tied to their BlackBerry ID (doesn't seem very secure)? Or am I going to have to only use developer mode and have them set up (and keep updated) a computer with all of the development tools so they can sign it themselves before distributing? Right now, they don't have any of that set up, letting me do the grunt work for them.
I'm just trying to figure out how to implement this new process without creating any headaches for the different contracts I have in place.
08-19-2013 10:54 AM
from my understanding you can still work the 'old' way.
Using signing keys linked to BB ID is only a convenient way to do this
08-19-2013 10:54 AM
08-19-2013 11:27 AM
You could still use the workflow you describe for BlackBerry ID. The only change would be that your customer would log into their BlackBerry ID account, download their BlackBerry ID token and send that to you.
The previous method for code signing is still supported as well.
08-22-2013 12:04 PM
08-22-2013 12:24 PM
08-22-2013 01:00 PM
A KB article for this scenario sounds like a great idea. I've added it to my todo list and will create one. I'll post a link to it in this thread once it's live.
08-27-2013 06:50 PM
We've provisionally gone the route of my client getting his BBID token and sending it to me with the password, and me signing the app for him, using 10.2.
To make this work, at first I tried just blindly executing the "blackberry-signer -bbidtoken" as shown in the utility's own help, without touching my existing keys (other than backing them up again) and the first response was:
c:\>blackberry-signer -bbidtoken bbidtoken.csk -storepass PASSWORD Signing-test.bar Error: Failed to decrypt keystore, invalid store password or store password not supplied.
I tried again with the wrong password and got this:
c:\>blackberry-signer -bbidtoken bbidtoken.csk -storepass WRONGPASSWORD Signing-test.bar Error: The specified CSK password is not valid.
The error was obviously with something other than the bbidtoken.csk and the only other file involved had to be my existing author.p12 (for my own company).
I generated a new author.p12 file with "blackberry-keytool -genkeypair -keystore author.p12 -storepass PASSWORD -author "Client Name" and copied that to the expected location in C:\Documents and Settings\<username>\Local Settings\Application Data\Research In Motion. Note that I used the SAME password as the bbidtoken.csk password, since the example command appeared to indicate that this was necessary (though possibly with more arguments it would not be).
N:\xfer>blackberry-signer -bbidtoken bbidtoken.csk -storepass PASSWORD Signing-test.bar Info: Bar signed.
The file installs fine and runs. Checking the MANIFEST.MF I see that it has the desired Package-Author field ("Client Name") which must come from the -author argument used to make the .p12 file.
If any of that is Doing it Wrong, please let me know. We're trying the install on his BES10 tomorrow.
08-28-2013 10:54 AM
That looks correct, assuming the BlackBerry ID Token is from the appropriate BlackBerry ID account (the company you are making the app for).
08-30-2013 09:49 AM
The knowledge base article for this is now live: