Signing

Code signing and provisioning for the various platforms

While Codename One can simplify most of the grunt work in creating cross platform mobile applications, signing is not something that can be significantly simplified since it represents the developers individual identity in the markets. In this document we attempt to explain how to acquire certificates for the various markets and how to set them up to the build.

The good news is that this is usually a "one time deal" and once its done the work becomes easier (except for the case of iOS where a provisioning profile should be maintained).

iOS (iPhone/iPad)

iOS signing has two distinct modes: App Store signing which is only valid for distribution via iTunes (you won't be able to run the application yourself) and development mode.

You have two major files to keep track of:
Certificate - your signature
Provisioning Profile - details about your application and who is allowed to run it

You need two of each file (4 total files) one pair is for development and the other pair is for that precious moment when you are ready to upload to the App Store.

Warning: this process only works on a Mac, the Adobe process linked here for Windows will produce an invalid certificate that will not WORK!
Adobe wrote a pretty decent signing tutorial on this subject for Air which you can pretty much follow to get the files we need (p12 and mobileprovision). They also cover the certificate to p12 conversion process. Currently as far as we know, the best option for developers who don't have access to a Mac is to use a service like http://www.macincloud.com/.

The first step you need to accomplish is signing up as a developer to Apple's iOS development program, even for testing on a device this is required!

The Apple website will guide you through the process of applying for a certificate at the end of this process you should have a distribution and development certificate pair. After that point you can go to the iOS provisioning portal where there are plenty of videos and tutorials to guide you through the process. You need to create an application ID and register your development devices.

You then create a provisioning profile which comes in two flavors: distribution (for building the release version of your application) and development. The development provisioning profile needs to contain the devices on which you want to test.

You can then configure the 4 files in the IDE and start sending builds to the Codename One cloud.

If you have problems along the way or fail to install the resulting files check out the troubleshooting guide here.

Android

Its really easy to sign Android applications if you have the JDK installed. Find the keytool executable (it should be under the JDK's bin directory) and execute the following command:

keytool -genkey -keystore Keystore.ks -alias [alias_name] -keyalg RSA -keysize 2048 -validity 15000 -dname "CN=[full name], OU=[ou], O=[comp], L=[City], S=[State], C=[Country Code]" -storepass [password] -keypass [password]

The elements in the brackets should be filled up based on this:

  • Alias: [alias_name] (just use your name/company name without spaces)
  • Full name: [full name]
  • Organizational Unit: [ou]
  • Company: [comp]
  • City: [City]
  • State: [State]
  • CountryCode: [Country Code]
  • Password: [password] (we expect both passwords to be identical)

Executing the command will produce a Keystore.ks file in that directory which you need to keep since if you lose it you will no longer be able to upgrade your applications! Fill in the appropriate details in the project properties or in the CodenameOne section in the Netbeans preferences dialog.

For more details see http://developer.android.com/guide/publishing/app-signing.html

RIM/BlackBerry

You can now get signing keys for free from RIM by going here. After obtaining the certificates and installing them on your machine (you will need the RIM development environment for this). You will have two files: sigtool.db and sigtool.csk on your machine (within the JDE directory hierarchy). We need them and their associated password to perform the signed build for Blackberry application.

J2ME

Currently signing J2ME application's isn't supported. You can use tools such as the Sprint WTK to sign the resulting jad/jar produced by Codename One.