Hi,
(this is mostly, well, exclusively, targeted at Yifan Lu):
I'm about to experiment again with creating Kindlets, and since your newest jailbreak already includes the Java dev keys, I thought I'd just use them to keep things simple for end users. However, this is what I get when signing the package:
Code:
sign:
[signjar] Signing JAR: package.azw2 to package.azw2 as Kindlet
[signjar] Warning:
[signjar] The signer certificate will expire within six months.
[signjar] Enter Passphrase for keystore:
[signjar] Signing JAR: package.azw2 to package.azw2 as KindletInteractionSupport
[signjar] Warning:
[signjar] The signer certificate will expire within six months.
[signjar] Enter Passphrase for keystore:
[signjar] Signing JAR: package.azw2 to package.azw2 as KindletNetworkSupport
[signjar] Warning:
[signjar] The signer certificate will expire within six months.
[signjar] Enter Passphrase for keystore:
This means that everything signed with the keys in your jailbreak will stop working within less than 6 months. I doubt that this was your intention. (I would have created the keys with a validity of at least 20 years, just to be on the safe side).
I suggest releasing a new jailbreak version (1.2?) with updated keys ASAP. So far, I don't think a lot of development has been going on with the currently included keys, so I guess the sooner this is fixed, the better...
Just my 2 cents though. There are of course always alternatives like using other keys to sign (and including them in the keystore on the device), but as far as I understand the whole purpose of including those keys directly in the jailbreak was to make things as hassle-free as possible...
UPDATE: Oh well, it doesn't work anyway with the currently included keys. The alias names MUST be of the form "[dk|di|dn]<alias>" (e.g. "dktest, ditest, dntest", or if you want to stick with the "Kindlet" alias, "dkKindlet, diKindlet, dnKindlet"). Otherwise the Kindle just throws a "NullPointerException at com.amazon.kindle.kindlet.internal.security.Kindle tBookletKindletClassLoader.getMappedCertificates(v sb:1101)". I'm sticking with the "test" keys for now, but I really suggest to fix this.