2 Replies Latest reply on Apr 3, 2008 1:05 AM by wellmoon

    Self-Signed Certificates

    wellmoon
      Hi All,

      I'd just like some information about self-signed certificates if possible. I have read the AIR documentation on this topic, and I've successfully created and packaged my app and the installation succeeds and everything works.

      I've read up on self-signed certificates as well but I still don't fully 'get it'.

      I used the ADT app to create the certificate. The password that I entered when creating the certificate, is that the private key? If so, what is the public key? Is the certificate the public key?

      Also, how do people verify that the app has not been modified? Do I need to give out the password I used when creating the certificate? Do you just use a hashing program (such as the md5 CLI app) to view the md5 hash of the .air file and then place this on the application's download web page so that people can see it and then check the hash of the file they download is the same? If so, what is the point of creating the certificate? You can view the md5 hash of any file whether it has a cert or not.

      Some answers would be incredible, but a link to some good explanatory documentation would also be great,

      Thanks
        • 1. Re: Self-Signed Certificates
          Oliver Goldman Adobe Employee
          Your private key is stored in the keystore (.pfx or .p12) file that adt created for you when you created your self-signed certificate. The file itself is protected by the password you entered. Don't ever give this file to anyone, and under no circumstances should you give the password to anyone.

          The public key is also stored in the same file. You can export the public key, embedded in a certificate, from the keystore file, although you likely won't have any need to do that.

          If the resulting .air file is ever modified then the application won't install. There's no need for users to check the hash or anything like that to validate the file; it's all done automatically as part of the installation process.

          Hope that helps,
          Oliver Goldman | Adobe AIR Engineering
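
The roles described in the reply above (password, keystore, private key, certificate, modification check) can be reproduced with OpenSSL. This is an added example, not part of the original thread and not ADT or the AIR installer; the file names, subject name and password are constructed for illustration.

```shell
#!/bin/sh
# Added illustration with OpenSSL (not ADT). File names, subject and password are constructed.
demo() {
  d=$(mktemp -d) || return 1
  pw='example-keystore-password'   # constructed; it unlocks the file, it is not the key

  # Create a self-signed certificate and its private key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Example Publisher' \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1

  # Bundle both into one password-protected PKCS#12 keystore, then drop the loose copies.
  openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
    -out "$d/store.p12" -passout "pass:$pw" 2>/dev/null || return 1
  rm -f "$d/key.pem" "$d/cert.pem"

  # Without the right password the keystore does not open.
  if openssl pkcs12 -in "$d/store.p12" -passin pass:wrong -nokeys >/dev/null 2>&1
  then wrong_pw=opened; else wrong_pw=refused; fi

  # Export only the certificate and read the public key out of it (safe to share).
  openssl pkcs12 -in "$d/store.p12" -passin "pass:$pw" -nokeys \
    -out "$d/pub_cert.pem" 2>/dev/null || return 1
  openssl x509 -in "$d/pub_cert.pem" -pubkey -noout > "$d/pub.pem" || return 1

  # Publisher side: sign a constructed payload with the private key from the keystore.
  printf 'constructed application payload\n' > "$d/app.bin"
  openssl pkcs12 -in "$d/store.p12" -passin "pass:$pw" -nocerts -nodes \
    -out "$d/sign_key.pem" 2>/dev/null || return 1
  openssl dgst -sha256 -sign "$d/sign_key.pem" -out "$d/app.sig" "$d/app.bin" || return 1
  rm -f "$d/sign_key.pem"

  # Recipient side: only the public key and the signature are needed to verify.
  check() {
    if openssl dgst -sha256 -verify "$d/pub.pem" -signature "$d/app.sig" "$1" >/dev/null 2>&1
    then echo valid; else echo rejected; fi
  }
  original=$(check "$d/app.bin")
  printf 'one extra byte' >> "$d/app.bin"   # simulate modification after signing
  modified=$(check "$d/app.bin")

  rm -rf "$d"
  echo "wrong_password=$wrong_pw original=$original modified=$modified"
}

demo
```

The recipient never sees the keystore or its password; verification uses only the exported public key, which is why neither needs to be given out.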

          • 2. Re: Self-Signed Certificates
            wellmoon Level 1
            That has answered my question perfectly, and has helped immensely, thanks a lot Oliver :)