View Single Post
Old 02-15-2012, 01:38 PM   #188
ixtab
(offline)
ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.
 
ixtab's Avatar
 
Posts: 2,903
Karma: 6677485
Join Date: Dec 2011
Device: K3, K4, K5, KPW, KPW2
Kindlet signer key valid for too short

Hi,

(this is mostly, well, exclusively, targeted at Yifan Lu):

I'm about to experiment again with creating Kindlets, and since your newest jailbreak already includes the Java dev keys, I thought I'd just use them to keep things simple for end users. However, this is what I get when signing the package:

Code:
sign:
  [signjar] Signing JAR: package.azw2 to package.azw2 as Kindlet
  [signjar] Warning: 
  [signjar] The signer certificate will expire within six months.
  [signjar] Enter Passphrase for keystore: 
  [signjar] Signing JAR: package.azw2 to package.azw2 as KindletInteractionSupport
  [signjar] Warning: 
  [signjar] The signer certificate will expire within six months.
  [signjar] Enter Passphrase for keystore: 
  [signjar] Signing JAR: package.azw2 to package.azw2 as KindletNetworkSupport
  [signjar] Warning: 
  [signjar] The signer certificate will expire within six months.
  [signjar] Enter Passphrase for keystore:
This means that everything signed with the keys in your jailbreak will stop working within less than 6 months. I doubt that this was your intention. (I would have created the keys with a validity of at least 20 years, just to be on the safe side).

I suggest releasing a new jailbreak version (1.2?) with updated keys ASAP. So far, I don't think a lot of development has been going on with the currently included keys, so I guess the sooner this is fixed, the better...

Just my 2 cents though. There are of course always alternatives like using other keys to sign (and including them in the keystore on the device), but as far as I understand the whole purpose of including those keys directly in the jailbreak was to make things as hassle-free as possible...

UPDATE: Oh well, it doesn't work anyway with the currently included keys. The alias names MUST be of the form "[dk|di|dn]<alias>" (e.g. "dktest, ditest, dntest", or if you want to stick with the "Kindlet" alias, "dkKindlet, diKindlet, dnKindlet"). Otherwise the Kindle just throws a "NullPointerException at com.amazon.kindle.kindlet.internal.security.Kindle tBookletKindletClassLoader.getMappedCertificates(v sb:1101)". I'm sticking with the "test" keys for now, but I really suggest to fix this.

Last edited by ixtab; 02-15-2012 at 06:50 PM.
ixtab is offline   Reply With Quote