[niceonedave]

I have been developing an app for a while using JDE version 4.3.0. I have a code signing key that I have been using to sign the CODs and everything has worked fine on all devices. I now want to upgrade the JDE (I have tried both 4.7.0 and 5.0.0 beta). I have an ANT script that does all the building and signing of the app and I have upgraded the following files that it references:

net_rim_api.jar
preverify.exe
rapc.exe
rapc.jar
SignatureTool.jar

I am able to build the application fine (during the signing part I do get the following prompt though: Please enter your private key password to update and re-encrypt your private key information file.) but when I try to run it on a device I get the following error at startup:

Error starting abc: Module 'xyz' must be signed with the RIM Runtime Code Signing Key (RRT).

Do I need to get a new key for each version of the JDE that I compile against or should the key that I have been using with JDE 4.3.0 also work with newer versions of the JDE? And if so does anyone have any ideas why I am now getting this error?

N.B. I am currently testing with a 9700 device.

[Dougsg38p]

you need to copy the sigtool.* files from the /bin directory of the original JDE, to the new installations.

[niceonedave]

I have a directory that contains the SignatureTool.jar file (not in the JDE bin directory). This directory also contains the sigtool.csk and sigtool.db file. So these files are already in place.

[niceonedave]

OK, so an update. When I compile using the old rapc.exe I notice that the SignatureTool does include the RRT signer. But with the new one it doesn't, any ideas why this would be?

[niceonedave]

Does anyone have any advice whatsoever on updating from one JDE to another? I still can't get my app to run after compiling with 4.7.0 or 5.0.0 beta. I ordered a new set of code signing keys from RIM in case that was the problem, but it appears they have just sent me a copy of the same keys I had before. I get an error when running the csi files that there are no more registration attempts available.

[Dougsg38p]

I have been copying my sigtool.* from one JDE to another, since 4.0.1. So far, no issues.

[niceonedave]

What are all the sigtool.* files you have. I only have .csk and .db But I seem to remember someone before saying there were 3 of them. This was one of the reasons I ordered a new set of keys, so that I could recreate these files.

[Dougsg38p]

sigtool.db
sigtool.csk
sigtool.set

These are located in:

C:\Program Files\Research In Motion\BlackBerry JDE 4.2.1\bin

(on my dev system).

[niceonedave]

Right, so I am missing the .set file. Any idea what is in that file?

[Dougsg38p]

Not much. Looks like component size and position data.

Contents of mine:

#This file contains the settings for the Signature Tool.
#Sun Jan 24 10:38:28 CST 2010
tableHeight=576
frameHeight=400
tableWidth=602
4=154
frameWidth=650
3=41
2=58
1=115
0=234

However, I don't think this is your problem. How are you invoking the signature tool?

[niceonedave]

It is all done in an ANT script, this is the ANT target

Code:

<!-- Sign COD modules to allow access to secure APIs -->
<target name="requestSignature" description="Request signature to access secure APIs on the device">
	<java jar="${blackberry.lib.dir}/SignatureTool.jar" fork="true" failonerror="true">
		<arg line="-a -C"/>
		<arg line="'${output.cod.dir}/${module.name}.cod'"/>
		<arg line="'${output.cod.dir}/${options.module.name}.cod'"/>
	</java>
</target>

The SignatureTool.jar and sigtool.* files are in ${blackberry.lib.dir} along with all of the other tools like rapc.exe, rapc.jar, net_rim_api.jar

[Dougsg38p]

One thing that I recall - the signature format changed between 4.2.1 and JDE 4.5

Whan I first moved a project to JDE 4.5 and copied the sig tools, the system told me it was updating the format and cranked for a few seconds.

Maybe this is failing "silently' in batch mode?

[niceonedave]

To be honest, I don't think the signing is failing. The CODs get signed, but they don't get signed with the RRT key, so I get an exception when I try to start the app. As soon as I compile with a newer version of rapc.exe the signature tool doesn't use the RRT key (I can see that in the list on the signature tool).

[Dougsg38p]

Now that you mention it, I do recall an issue where RRT shows "optional" when building on 4.5 for a certain package (don't remember which), so the sig tool doesn't sign it. However, when you run on the device, it throws the security exception.

Take a look at this:

Re: Move signing keys to a new computer... - BlackBerry Support Community Forums

I recall that we hit this issue on one project, and wound up adding a reference to some additional secured API that we didn't need, just to force the RRT signature.

[niceonedave]

Any idea what the reference was? It definitely seems like that is my problem too. I looked at the .cso file that is produced by rapc and it doesn't include the line '52525400=RIM Runtime API'. I interrupted the build process and manually added that line to the file and then called the signing target manually and this time it did sign using RRT. I just need to find a way of getting it to work without having to manually update the file now.

[Dougsg38p]

I don't, but you might experiment with referencing a few "secured" API's and see what works.

[niceonedave]

Ok, so I made sure there are some references to secured APIs but it still didn't work.