BlackBerry Signing in the Enterprise

Apps

Keys on a sheet with encrypted data

Introduction
Everybody always needs a signature to make it official. It has been like this since the stone ages and it’s still the same in the Mobile age.
There was a time when it felt like we lived in the stones ages too when it came to BlackBerry application code signing. Today though, this can be accomplished using your BlackBerry ID. This has been simplified by the improvements in our latest tools; Momentics 2.0 and WebWorks 2.0 with integrated BlackBerry ID signing.

This also makes life a little easier and more secure for Enterprises. Working with large teams the former signing key distribution was a bit of a pain, but now using a BlackBerry ID all your tools are pretty easy to setup.

Before you go straight into using your existing BlackBerry ID’s, I’d like to propose you take a little time and read our recommendations on how to use BlackBerry ID signing in the Enterprise, it might save you some headaches later.

Using BlackBerry ID signing in the Enterprise

BlackBerry signing is an integral part of your development process and within a larger team and with continuous integration servers it can become a bit of a mess to manage all the signing keystore files on all the systems. Without the proper signing your apps will not run on a real device, it better work all the time or you lose valuable time.

You used to need to copy over the companies signing keys to all the relevant machines you develop on. It would be a real shame if you would have lost your keys, as without the same keys you can’t update applications that were previously signed with the same signing ID. The new applications would be considered complete new app and when deployed would overwrite/delete any existing data users might have in their previous version of the app. Talk about bad user experience.

Now using the BlackBerry ID, you don’t have to copy them over any more and you can just generate the correct signing keys where you need them.

The BlackBerry ID signing process not only safeguards your keys, but at the same time provides you with more security. Previously with all of the signing keys being copied over, these could easily be copied to non-authorized systems and possibly be abused by the ‘Evil’ coder. This could potentially run you the risk of your signing keys being revoked if malicious code was released anonymously using your signatures.

By putting the signing process behind a BlackBerry ID, that has a password, you can easily just change the password of the BlackBerry ID to lock out potential abuse of, for instance, developers that have left your company. It brings back the power to you.

Recommendations for using BlackBerry ID signing

So before heading off and having every developer try to get their own signing keys, please take a little moment to setup things properly. This will allow you as a company to stay in control and make it easier to work with third parties that might develop applications for you.

When using BlackBerry ID signing within your Enterprise, ensure the ID is not linked to a specific user email address. If this user leaves and his mailbox is deleted, you have no means to recover any history or be able to perform password resets.

So try to use a generic email account or even better a distribution list email, this way you can add all of your relevant developers to the distribution list.

For example create a similar BlackBerry ID

First name: BlackBerry Signing
Last name: Account
BlackBerry ID username: bb_signing@starkindustries.com

signing2

New to BlackBerry Development?

If you are new* to BlackBerry development and have no previous keys, you can now use this account to request your Signing keys on our Signing website.

*NOTE: If you already have existing keys PLEASE first read the next section on how to migrate your existing keys to the new BlackBerry ID you just created, otherwise you will link the ID with new signing keys and can not attach the old ones to this new BlackBerry ID.

Steps to getting keys and setting up your development environments:

  1. Request code signing keys from here.
  2. Setup your Momentics 2,0 environment and follow this process to sign and publish apps.
  3. Setup your WebWorks 2.0 environment

And basically you’re now good to go. If a new developer joins your team or you have third party developers building apps for you, you can just give them the BlackBerry ID user name (email address) and the current password of the BlackBerry ID account and they can use this to setup their Development tools.

Another option is to only give out BlackBerry ID tokens to the developers.
These are valid for a full year and keeps the BlackBerry ID even more secure, as the developers don’t know the account.

Migrating from ‘legacy’ signing keys to BlackBerry ID

Most of you have been building applications before the dawn of the new BlackBerry ID age and therefore you’ll need to migrate your existing keys to your newly created BlackBerry ID. This will ensure your app updates will keep flowing out smoothly and don’t encounter a bit of a bump during the next update.

We have the proper documentation on how to link your previous signing keys to your new BlackBerry Signing ID and you can find it here, but I’ve also included a little step by step tutorial in this blog to keep you with me a little longer and allowing you to like my post and retweet it as you like. If you don’t want to stay look at the links below to go straight ahead, otherwise walk with me.

Step 1

Go to the request signing keys page and get a BlackBerry ID token.
https://www.blackberry.com/SignedKeys/codesigning.html

Select the “For BlackBerry 10 apps developed using a BlackBerry SDK 10.2 or Higher, or BlackBerry 10 WebWorks SDK 2.0 and higher, or any apps repackaged using the BlackBerry repackaging tools for Android 1.6.1 or higher)

signing3

Please make sure you remember the password you specified here:

signing4

Step 2

Place the downloaded bbidtoken.csk in the correct folder as specified in the image below.

signing5

Step 3

Ensure you have installed Momentics 2.0 and/or WebWorks 2.0 on your development machine. The BlackBerry-Signer tool included in those installation packages is required to link your previous signing keys to the new BlackBerry ID token. Search for the tool in Explorer (PC) or Finder (Mac) in the Momentics or WebWorks installation folder (on a mac open the momentics.app package to find the path to the blackberry-signer command).

Default path on Mac: /Applications/BlackBerry/BB10 WebWorks SDK 2.0.0.54/cordova-blackberry/bin/dependencies/bb-tools/bin
Default path on PC: C:\Program Files\BlackBerry\BB10 WebWorks SDK 2.0.0.54\cordova-blackberry\bin\dependencies\bb-tools\bin

Step 4

Open a Command prompt (PC) or Terminal shell (MAC) and in the path where you found the blackberry-signer command execute the following command to link your previous keys to the new BlackBerry ID token.

Command on MAC (copy paste-able):
/Applications/BlackBerry/BB10\ WebWorks\ SDK\ 2.0.0.54/cordova-blackberry/bin/dependencies/bb-tools/bin/blackberry-signer -linkcsk -bbidtoken bbidtoken.csk -oldcskpass -bbidcskpass

Command on PC (copy paste-able):
“C:\Program Files\BlackBerry\BB10 WebWorks SDK 2.0.0.54\cordova-blackberry\bin\dependencies\bb-tools\bin\blackberry-signer” -linkcsk -bbidtoken bbidtoken.csk -oldcskpass -bbidcskpass

You should get prompted with the following:
“Info: CSK successfully linked to BBID”

And with that you’re all done! Enjoy your new signing setup.

Summary

Using the BlackBerry ID signing, your life in the Enterprise just got a little easier and you’re more in control over the signing process.
Now enjoy developing those BlackBerry 10 applications and don’t forget to check the blogs frequently to see how we can make your life even more trouble free.

About Dennis Reumer

Sr. Enterprise Developer @BlackBerry - Helping out Enterprises and Partners to build future proof solutions that accelerate their business and create new markets. Find me also on Twitter @reumerd

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus