http://help.adobe.com/en_US/air/build/WS5b3ccc516d4fbf351e63e3d118666ade46-7f74.html
You
can use self-signed certificates to produce a valid AIR installation
file. However, self-signed certificates only provide limited security
assurances to your users. The authenticity of self-signed certificates
cannot be verified. When a self-signed AIR file is installed, the
publisher information is displayed to the user as Unknown. A certificate
generated by ADT is valid for five years.
If you create an update for an AIR application that was signed with a self-generated certificate, you must use the same certificate to sign both the original and update AIR files. The certificates that ADT produces are always unique, even if the same parameters are used. Thus, if you want to self-sign updates with an ADT-generated certificate, preserve the original certificate in a safe location. In addition, you will be unable to produce an updated AIR file after the original ADT-generated certificate expires. (You can publish new applications with a different certificate, but not new versions of the same application.)
If you create an update for an AIR application that was signed with a self-generated certificate, you must use the same certificate to sign both the original and update AIR files. The certificates that ADT produces are always unique, even if the same parameters are used. Thus, if you want to self-sign updates with an ADT-generated certificate, preserve the original certificate in a safe location. In addition, you will be unable to produce an updated AIR file after the original ADT-generated certificate expires. (You can publish new applications with a different certificate, but not new versions of the same application.)
Important: Because of the limitations of self-signed
certificates, Adobe strongly recommends using a commercial certificate
issued by a reputable certification authority for signing publicly
released AIR applications.
The certificate and
associated private key generated by ADT are stored in a PKCS12-type
keystore file. The password specified is set on the key itself,
not the keystore.Certificate generation examples
adt -certificate -cn SelfSign -ou QE -o "Example, Co" -c US 2048-RSA newcert.p12 39#wnetx3tl adt -certificate -cn ADigitalID 1024-RSA SigningCert.p12 39#wnetx3tlTo use these certificates to sign AIR files, you use the following signing options with the ADT -package or -prepare commands:
-storetype pkcs12 -keystore newcert.p12 -keypass 39#wnetx3tl -storetype pkcs12 -keystore SigningCert.p12 -keypass 39#wnetx3tl
Note: Java
versions 1.5 and above do not accept high-ASCII characters in passwords used
to protect PKCS12 certificate files. Use only regular ASCII characters
in the password.
ADT -package command examples
Package specific application files in the current directory
for a SWF-based AIR application:
adt –package -storetype pkcs12 -keystore cert.p12 myApp.air myApp.xml myApp.swf components.swc
No comments:
Post a Comment