MobileRead Forums - View Single Post

ixtab · 02-15-2012, 01:38 PM

Hi,

(this is mostly, well, exclusively, targeted at Yifan Lu):

I'm about to experiment again with creating Kindlets, and since your newest jailbreak already includes the Java dev keys, I thought I'd just use them to keep things simple for end users. However, this is what I get when signing the package:

Code:

sign:
  [signjar] Signing JAR: package.azw2 to package.azw2 as Kindlet
  [signjar] Warning: 
  [signjar] The signer certificate will expire within six months.
  [signjar] Enter Passphrase for keystore: 
  [signjar] Signing JAR: package.azw2 to package.azw2 as KindletInteractionSupport
  [signjar] Warning: 
  [signjar] The signer certificate will expire within six months.
  [signjar] Enter Passphrase for keystore: 
  [signjar] Signing JAR: package.azw2 to package.azw2 as KindletNetworkSupport
  [signjar] Warning: 
  [signjar] The signer certificate will expire within six months.
  [signjar] Enter Passphrase for keystore:

This means that everything signed with the keys in your jailbreak will stop working within less than 6 months. I doubt that this was your intention. (I would have created the keys with a validity of at least 20 years, just to be on the safe side).

I suggest releasing a new jailbreak version (1.2?) with updated keys ASAP. So far, I don't think a lot of development has been going on with the currently included keys, so I guess the sooner this is fixed, the better...

Just my 2 cents though. There are of course always alternatives like using other keys to sign (and including them in the keystore on the device), but as far as I understand the whole purpose of including those keys directly in the jailbreak was to make things as hassle-free as possible...

UPDATE: Oh well, it doesn't work anyway with the currently included keys. The alias names MUST be of the form "[dk|di|dn]<alias>" (e.g. "dktest, ditest, dntest", or if you want to stick with the "Kindlet" alias, "dkKindlet, diKindlet, dnKindlet"). Otherwise the Kindle just throws a "NullPointerException at com.amazon.kindle.kindlet.internal.security.Kindle tBookletKindletClassLoader.getMappedCertificates(v sb:1101)". I'm sticking with the "test" keys for now, but I really suggest to fix this.

02-15-2012, 01:38 PM	#188
ixtab (offline) Posts: 2,907 Karma: 6736092 Join Date: Dec 2011 Device: K3, K4, K5, KPW, KPW2	Kindlet signer key valid for too short Hi, (this is mostly, well, exclusively, targeted at Yifan Lu): I'm about to experiment again with creating Kindlets, and since your newest jailbreak already includes the Java dev keys, I thought I'd just use them to keep things simple for end users. However, this is what I get when signing the package: Code: sign: [signjar] Signing JAR: package.azw2 to package.azw2 as Kindlet [signjar] Warning: [signjar] The signer certificate will expire within six months. [signjar] Enter Passphrase for keystore: [signjar] Signing JAR: package.azw2 to package.azw2 as KindletInteractionSupport [signjar] Warning: [signjar] The signer certificate will expire within six months. [signjar] Enter Passphrase for keystore: [signjar] Signing JAR: package.azw2 to package.azw2 as KindletNetworkSupport [signjar] Warning: [signjar] The signer certificate will expire within six months. [signjar] Enter Passphrase for keystore: This means that everything signed with the keys in your jailbreak will stop working within less than 6 months. I doubt that this was your intention. (I would have created the keys with a validity of at least 20 years, just to be on the safe side). I suggest releasing a new jailbreak version (1.2?) with updated keys ASAP. So far, I don't think a lot of development has been going on with the currently included keys, so I guess the sooner this is fixed, the better... Just my 2 cents though. There are of course always alternatives like using other keys to sign (and including them in the keystore on the device), but as far as I understand the whole purpose of including those keys directly in the jailbreak was to make things as hassle-free as possible... UPDATE: Oh well, it doesn't work anyway with the currently included keys. The alias names MUST be of the form "[dk\|di\|dn]<alias>" (e.g. "dktest, ditest, dntest", or if you want to stick with the "Kindlet" alias, "dkKindlet, diKindlet, dnKindlet"). Otherwise the Kindle just throws a "NullPointerException at com.amazon.kindle.kindlet.internal.security.Kindle tBookletKindletClassLoader.getMappedCertificates(v sb:1101)". I'm sticking with the "test" keys for now, but I really suggest to fix this. Last edited by ixtab; 02-15-2012 at 06:50 PM.