Http://www.wosign.com/Support/Adobe_AIR_Signing_guide.htm
Adobe AIR CodeWosign code signing Certificate for Adobe AIR allows software developers to develop software code (such as HTML, XML, Flash, flex, And ajar) using the a‑air technology) digitally sign the Code so that users can download it on a network platform (Internet or intranet) to ensure that the Code is not illegally tampered with and the source is trusted, this protects code integrity, prevents users from being attacked by viruses, malicious code, and spyware, and protects the interests of software developers, this allows software developers to securely and quickly release software through the network. To protect the interests of software developers and end users,Adobe AIR software digital signature is mandatory.
This User Guide is based on the translation of relevant documents on the Adobe website. For more information, see the following original documents:
(1) Adobe AIR
(2) packaging an air installation file using the air developer tool (ADT)
(3) digitally signing Adobe AIR applications
Note:: The above documents require that you use firefoxfirefox to apply for an Adobe AIR code signature certificate, which is complex. Wosign fully understands that many users are already very familiar with wosign application and use of Microsoft code signature certificates. Therefore 《Adobe AIR code signature certificate application guideYou can use IE to apply for a certificate in the same way as Microsoft code signature certificate, because Adobe AIR digital signature supports both Java keystore file (. keystore) and PKCS12 file (. p12 or. pfx) and other certificate formats. This Guide uses the pfx format certificate applied by IE to sign the air file.
1. download and install the signature Tool
Make sure that you have downloaded Adobe air and the free Adobe air sdk, And you have downloaded and installed Sun Java 6 JDK on your computer. The signature tool must be supported by Java. Note: To use the environment, you only need to download and install Adobe AIR. Do not confuse it.
2. Why does Adobe AIR require a digital signature? What is the difference between using Adobe AIR code to sign a certificate and using a self-Signed bookmarks?
The application software digital signature is used to ensure that the Code is not illegally tampered with and the source is trusted when users download the code on a network platform (Internet or Intranet, this protects code integrity, prevents users from being attacked by viruses, malicious code, and spyware, and protects the interests of software developers, this allows software developers to securely and quickly release software through the network. Adobe AIR digital signatures are mandatory to protect the interests of software developers and end users.
Because the Adobe AIR software digital signature is mandatory, in order to facilitate software developers to try the digital signature effect and benefits before purchasing a certificate, and to facilitate the testing of software code, adobe AIR supports self-signed certificates. If you use the signature tool provided by Adobe AIR to use the self-Signed name, the display effect after running the software is shown in 1, a red question mark is displayed:Publisher: UnknownAnd a Red Cross:Issuer identity: Unknown.
If you useAdobe AIR code signature certificateThe air file is signed, and the display effect after running the software is shown in 2. A yellow question mark is displayed:Publisher: Your company name(Chinese or English), and a green check box is displayed:Issuer identity: verified. Indicates that the true identity of the software publisher has been verified by an authoritative third party.
3. Guide to file packaging and signing
If you have successfully installed the Adobe air sdk, the c: \ adobeairsdk \ bin directory contains two useful tool software: ADL and ADL. Set this directory as the PATH environment variable. Assume that your application directory is D: \ Myair \ source \ MyApp. XML, andAdobe AIR code signature certificateExport the pfx certificate: mycert. pfx is also copied to this directory, enter the doscommand, and use the following command to package and sign:
ADT-package-storetype PKCS12-keystore mycert. pfx MyApp. Air MyApp. xml.
Here: MyApp. air is the signed file generated after packaging, MyApp. XML is the file to be packaged. It can be a number of related files, such as MyApp. XML myapp.html airaliases. JS image.gif.
After running, you will be prompted to enter your certificate password, that is, the password you set when exporting the certificate. Press enter to complete the packaging and signature, and then you can deploy it for the customer to download and run.
If you have not purchasedAdobe AIR code signature certificate, You can also use the following command to create a self-signed document for signature testing, but as shown in 1, it will show:Publisher: Unknown. Enter the doscommand line and enter the following command to generate a self-signed certificate. The file name of the Self-signed certificate is testcert. pfx.
ADT-Certificate-CN selfsign-ou test-O test-c cn 1024-rsa testcert. pfx Password
You can use the preceding packaging and signature commands to sign the certificate after the certificate is generated successfully. Note: Self-signed documents are only used for testing purposes, and commercial software must also be purchasedAdobe AIR code signature certificateTo sign your. Air file.
Note:: UseAdobe AIR code signature certificateWhen you sign your. Air Code, the signature tool ADT will automatically add a free timestamp. The timestamp service is very important. After adding a timestamp, even if your code signature certificate has expired, because your code is signed within the validity period of the certificate, the timestamp Service ensures that the code is still trusted and end users can download it with confidence, so that even if the code signature certificate has expired, you do not need to re-sign or re-release the signed code.
From: http://www.samhy.com/article/124.htm