2. Associate the key pair with a code-signing certificate from a recom-
Sign the MIDlet suite and incorporate the certificate into the JAD file.
To sign a MIDlet suite, the supplier of the suite needs to obtain a
public-private key pair either by generating a new key pair or importing
an existing key pair. The WTK provides tools for doing this; they can be
accessed by opening your project and choosing the Project/Sign option
from the main panel. Clicking the Sign button brings up the panel shown
in Figure 2.14. To generate the key pair, click on Keystore, then New
Key Pair, enter the appropriate details and click the Create button (see
Figure 2.14 Sign MIDlet Suite view of the WTK
A new key pair is generated and added to the WTK key store. The
newly-generated public key is incorporated into a self-signed certificate.
We use this to obtain a suitable MIDlet suite code-signing certificate from
an appropriate source (such as a recommended Certification Authority,
for instance, Verisign or Thawte) that can be authenticated by a root
certificate that ships with the device or is contained in the WIM/SIM
card. Application developers and suppliers should contact the relevant
developer program of the device manufacturer or network operator to
ascertain the appropriate CA.
We can then generate a Certificate Signing Request (CSR) using our self-
signed certificate and the Generate CSR option in the WTK (Figure 2.16).
This generates a file containing the CSR that can be saved to a convenient
location. The contents of the CSR can then be copied into an email to the
recommended CA, requesting a code-signing certificate.