You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by mu...@apache.org on 2015/05/18 23:51:25 UTC
docs commit: CB-8486 improve packaging docs
Repository: cordova-docs
Updated Branches:
refs/heads/master af16a486a -> aada385e0
CB-8486 improve packaging docs
Project: http://git-wip-us.apache.org/repos/asf/cordova-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-docs/commit/aada385e
Tree: http://git-wip-us.apache.org/repos/asf/cordova-docs/tree/aada385e
Diff: http://git-wip-us.apache.org/repos/asf/cordova-docs/diff/aada385e
Branch: refs/heads/master
Commit: aada385e0bc7077209f41b9691c1205020678c25
Parents: af16a48
Author: Murat Sutunc <su...@gmail.com>
Authored: Mon May 18 12:08:09 2015 -0700
Committer: Murat Sutunc <su...@gmail.com>
Committed: Mon May 18 14:38:19 2015 -0700
----------------------------------------------------------------------
docs/en/edge/guide/platforms/win8/packaging.md | 86 ++++++++++++++++---
.../platforms/win8/createprivatekeywindow.png | Bin 0 -> 4099 bytes
2 files changed, 72 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/aada385e/docs/en/edge/guide/platforms/win8/packaging.md
----------------------------------------------------------------------
diff --git a/docs/en/edge/guide/platforms/win8/packaging.md b/docs/en/edge/guide/platforms/win8/packaging.md
index d6494d4..7107338 100644
--- a/docs/en/edge/guide/platforms/win8/packaging.md
+++ b/docs/en/edge/guide/platforms/win8/packaging.md
@@ -17,9 +17,9 @@ license: Licensed to the Apache Software Foundation (ASF) under one
under the License.
---
-# Packaging of Windows Store Apps
+# Windows Packaging
-You can learn more about signing and packaging of Windows Store Apps on [MSDN](https://msdn.microsoft.com/en-us/library/hh446593(v=vs.85).aspx).
+You can learn more about signing and packaging of Windows Store Apps on [MSDN][1].
To be able to correctly package and sign Windows apps there are few things required:
@@ -43,17 +43,75 @@ A signing certificate can be provided from either CLI or through build.json file
Alternatively, these values could be specified using a build configuration file (build.json) using CLI (--buildConfig). A sample build configuration file:
- {
- "windows": {
- "debug": {
- "packageCertificateKeyFile": "platforms\\windows\\CordovaApp_TemporaryKey.pfx"
- },
- "release": {
- "packageCertificateKeyFile": "c:\\path-to-key\\keycert.pfx",
- "packageThumbprint": "ABCABCABCABC123123123123",
- "publisherId": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
- }
- }
- }
+ {
+ "windows": {
+ "debug": {
+ "packageCertificateKeyFile": "platforms\\windows\\CordovaApp_TemporaryKey.pfx"
+ },
+ "release": {
+ "packageCertificateKeyFile": "c:\\path-to-key\\keycert.pfx",
+ "packageThumbprint": "ABCABCABCABC123123123123",
+ "publisherId": "CN=FakeCorp.com, L=Redmond, S=Washington, C=US"
+ }
+ }
+ }
There is also support to mix and match command line arguments and parameters in build.json file. Values from the command line arguments will get precedence.
+
+# How to create a certificate key and sign Cordova windows Apps
+Signing is required for distributing and installing Windows Store apps. This process is normally handled by Visual Studio when you deploy a package for release. To do tmhis without Visual Studio we need to create our own certificates.
+
+For creating certificates we need to use [makecert.exe][2] util. This tool ships with Windows SDK and can be found under `%ProgramFiles(x86)%\Windows Kits\8.1\bin\x64` or `%ProgramFiles(x86)%\Windows Kits\8.1\bin\x86`.
+
+The first thing we need to do is to create a root key for signing our app.
+
+`makecert.exe -n "CN=FakeCorp.com" -r -eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" -e "01/01/2020" –h 0 -sv FakeCorp.com.pvk FakeCorp.com.cer`
+
+To understand what makecert does, here's a brief explanation of what parameters do:
+
+- -n "CN=FakeCorp.com" : This is the certificate subject [X.509](http://en.wikipedia.org/wiki/X.509) name. In this example it's **C**ommon**N**ame=FakeCorp.com.
+- -r : Creates a [self signed certificate](http://en.wikipedia.org/wiki/Self-signed_certificate).
+- -eku #EKU_VAL# : Comma separated enhanced key usage OIDs.
+ - 1.3.6.1.5.5.7.3.3 indicates that the certificate is valid for code signing. Always specify this value to limit the intended use for the certificate.
+ - 1.3.6.1.4.1.311.10.3.13 indicates that the certificate respects lifetime signing. Typically, if a signature is time stamped, as long as the certificate was valid at the point when it was time stamped, the signature remains valid even if the certificate expires. This EKU forces the signature to expire regardless of whether the signature is time stamped.
+- -e "01/01/2020" : Sets the expiration date of the certificate.
+- -h 0 : Sets max height of the tree below this cert to 0 to prevent the certificate from being used as a Certification Authority (CA) that can issue other certificates.
+- -sv FakeCorp.com.pvk : Output PVK file. Windows uses PVK files to store private keys for code signing.
+- FakeCorp.com.cer : Output certificate file. CER file is used to store X.509 certificate.
+
+After running makecert for the first time, enter the private password on the screen that pops up:
+
+
+
+Once pvk and cer file is created, we need to create a pfx file from these certificates. A pfx (Personal Exchange Format) file contains a variety of cryptographic information, such as certificates, root authority certificates, certificate chains and private keys. To package the certs, we will use the a tool called [pvk2pfx][3]. This tool ships with Windows SDK and can be found under `%ProgramFiles(x86)%\Windows Kits\8.1\bin\x64` or `%ProgramFiles(x86)%\Windows Kits\8.1\bin\x86`.
+
+`pvk2pfx -pvk FakeCorp.com.pvk -pi pvkPassword -spc FakeCorp.com.cer -pfx FakeCorp.com.pfx -po pfxPassword`
+
+Where:
+
+- pvk : Input pvk file name
+- pi : pvk password
+- spc : Input cert file name
+- pfx : Output pfx file name
+- po : pfx password; same as pvk password if not provided
+
+If we provide this pfx file to build.json file, we will have the following error: "The key file may be password protected. To correct this, try to import the certificate manually into the current user's personal certificate store.". In order to import it we have to use [certutil][4] from an admin prompt:
+
+`certutil -user -p PASSWORD -importPFX FakeCorp.com.pfx`
+
+Where:
+
+- user : Specifies "current user" personal store
+- p : Password for pfx file
+- importPfx : Name of pfx file
+
+Once installed, next step is to add packageThumbprint and packageCertificateKeyFile to build.json. In order to find the packageThumbprint, search for the CommonName we've associated with the certificate:
+
+`powershell -Command " & {dir -path cert:\LocalMachine\My | where { $_.Subject -like \"*FakeCorp.com*\" }}"`
+
+Once these final values are provided. Cordova should successfully package and sign the app.
+
+[1]: https://msdn.microsoft.com/en-us/library/hh446593(v=vs.85).aspx
+[2]: https://msdn.microsoft.com/en-us/library/ff548309(v=vs.85).aspx
+[3]: https://msdn.microsoft.com/en-us/library/ff550672(v=vs.85).aspx
+[4]: https://technet.microsoft.com/en-us/library/ee624045(v=ws.10).aspx
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/aada385e/template/docs/default/img/guide/platforms/win8/createprivatekeywindow.png
----------------------------------------------------------------------
diff --git a/template/docs/default/img/guide/platforms/win8/createprivatekeywindow.png b/template/docs/default/img/guide/platforms/win8/createprivatekeywindow.png
new file mode 100644
index 0000000..622d4a1
Binary files /dev/null and b/template/docs/default/img/guide/platforms/win8/createprivatekeywindow.png differ
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org