BlackBerry links Code Signing Keys to BlackBerry ID for developers

By Alicia Erlich on 16 Aug 2013 11:12 pm EDT

If you are a current or soon-to-be BlackBerry developer, you are sure to be happy about the recent announcement concerning code signing keys. Because of various issues, including password problems, delays in receiving keys via email, and difficulty backing them up when switching computers, BlackBerry has decided to replace signing keys with a BlackBerry ID account to authorize and verify applications.

All that is required is logging into BlackBerry ID and downloading the BlackBerry ID token. The token expires after one year, but it is renewable as long as you use the same ID. This simplified signing method is incorporated in the BlackBerry SDK, BlackBerry AIR SDK and Android tools, with WebWorks SDK support due in a future release.

For Existing BlackBerry Code Signing Key Holders

Your currently installed BlackBerry code signing keys will continue to function, but I recommend linking them to a BlackBerry ID account right away to take advantage of all the benefits outlined above. To do so, log into BlackBerry ID to create a BlackBerry ID token, which is where you choose the password you’ll use when signing applications. Once you have the BlackBerry ID token, run the following command to link your currently installed BlackBerry code signing keys to your BlackBerry ID account:

blackberry-signer -linkcsk -bbidtoken <BBID Token CSK filename> -oldcskpass <Legacy CSK password> -bbidcskpass <BBID Token CSK password>

Developers, what is your take on this news? Do you think it ameliorates many of the issues you've been experiencing with your signing keys? Sound off in the comments below.

Read the full details on the BlackBerry Developer Blog


Reader comments

I'm not a dev, but if I were it would sound like a streamlined process that is way more user friendly to me, which must be a good thing!

From my sweet BB10 Neutrino powered Z10 :D

Hmmm, wonder what this means for those of us that aren't devs but use the signing keys and tokens to sideload Android apps. The extended expiration is greatly appreciated though.

Posted via CB10 on my white Z10 & lovin' it!

I would think this will certainly simplify getting signing keys and debug tokens for the n00bs now :)

Posted via CB10

Works awesome for the IDE, even simpler than BlackBerry makes it out to be, just unregister current keys in IDE then it'll ask you to make a password. Do this, click get key. It'll open a Web browser and get you to sign into your BlackBerry ID, and voilà, you're registered. Recreate new debug token and update apps.

Posted via Dev B wielding | BerryLeaks Co-founder

BlackBerry's version sounded much more complex. This is sweet! Haven't done anything since early PB but I remember I had to manually sign once. It sucked.

Posted via CB10

From the dialog in the IDE when you Unregister: "After reregistering, new versions of your apps will appear as new applications, not upgrades, and will not have access to shared data from previous versions."

I don't have any published apps yet, so I'm going to use this method.

Will it work with existing keys? If you have an app, don't you need to upload current key so you can update app?

BlackBerry says that it won't work, you have to link the bbid token to your csk token, but I think Kris didn't have any problem with that.

If you unregister your keys you won't be able to update your apps (updates will appear as new apps instead of updates), or at least that's what a dialog said to me when I clicked on "unregister keys" so I went the BlackBerry way and used the command, so be careful when using this method lol

It's not very clear how this benefits Devs with apps signed with existing keys. Exactly what does the suggested "linking" process do to my existing keys and do you continue using those or the BBID token? Which one is modified by the linking and should be used going forward, the BBID Token I think?

And what are the implications of throwing away your existing keys and getting a new BBID token as suggested above by Kris? Will you still be able to sign and publish your existing app to BlackBerry World without problems? Previously it was made very clear that you could not change the signing key used for an app without breaking updates for existing users of your app.

How all this works really needs to be clarified in a lot more detail than the current blog post. Until I know for sure I can't take the chance of messing up my app for my users.

Posted via CB10

I'm not a developer but I'm really surprised you haven't received a reply yet

Posted Via My Most Used BlackBerry App

This really should be in the 1st place. Previously when a developer loses his signing keys, there is simply no way to update any existing app published. I just wonder since when WebWorks SDK is the last one to get updates, even after AIR SDK?

These or "the" tokens should be cloud-based across the board coupled with a stringent security question across that same board for and to access SDKs within multiple development environments on subsequent machines. BlackBerry IDs are awesome and simplify the process, but still, the security on the ID should be even tighter, especially on the higher level developer platform...

What about bigger organizations? Can one share one security token among several BlackBerry IDs, since you still want your company name to show up as creator of the app...

This is just for signing. Companies generally only sign for an actual release so a single signing server or something like that is sufficient.

Posted via CB10

I wonder, could we update our OS through our BlackBerry ID using links? If the developers can get this to work smoothly?

Posted via CB10

No, this is just for signing applications, we still can't install stuff OTA (except for the VPN workaround).

I've had zero issues with my keys and I regularly switch between multiple sets. I wonder how my use case will be handled. Hopefully it doesn't mean a wipe before testing an app for a different client...

Sent from my Z30/3

About time! The current key system is annoying. If you want to run your own applications for a longer time than one month, you have to side load them - on your own device. :/

This won't change that, debug tokens only last a month, to avoid this you'll have to sideload (you can do it from Momentics) a release version of your app.

Just sign your app with a real key, not a debug token, and you won't have to worry about renewals. BlackBerry Dev tools are the best. Ever tried to sign an iOS app? A pain, and $100 a year for that pain. BlackBerry seriously needs to educate people on the differences between their platform and others. It has so many advantages but the general public and even mobile developers are not aware of most of them.

I believe it's good. I never had any of the problems mentioned but I guess the new method makes the process easier.

Posted via CB10

I'm wondering what are advantages and disadvantages of having / using single or separate BB IDs for development and personal use. Your thoughts?