BlackBerry links Code Signing Keys to BlackBerry ID for developers

By Alicia Erlich on 16 Aug 2013 11:12 pm EDT
2
loading...
0
loading...
40
loading...

If you are a current or soon to be BlackBerry Developer then you are sure to be happy over the recent announcement concerning code signing keys. Due to various issues, including password problems, delays with receiving keys via email, or backing them up when switching computers, they have made the decision to replace signing keys with a BlackBerry ID account to authorize and verify applications. 

All that is required is logging into BlackBerry ID and downloading the BlackBerry ID token. However, this token does expire after one year but is renewable as long as you utilize the same ID. This simplified signing method is incorporated in the BlackBerry SDK, BlackBerry AIR SDK and Android tools, with WebWorks SDK support due in a future release.

For Existing BlackBerry Code Signing Key Holders

Your currently installed BlackBerry code signing keys will continue to function, but I recommend linking them to a BlackBerry ID account right away to take advantage of all the benefits outlined above.  In order to do so, log into BlackBerry ID to create a BlackBerry ID token, which is where you choose the password you’ll use when signing applications. Once you have the BlackBerry ID token, run the following command to link your currently installed BlackBerry code signing keys to your BlackBerry ID account:

blackberry-signer -linkcsk –bbidtoken <BBID Token CSK filename>
-oldcskpass <Legacy CSK password> –bbidcskpass <BBID Token CSK password>
 

Developers, what is your take on this news? Do you think it ameliorates many of the issues you've been experiencing with your signing keys? Sound off in the comments below.

Read the full details on the BlackBerry Developer Blog

Topics: Developers

37 comments

Puz_zled

I'm not a dev, but if I were it would sound like a streamlined process that is way more user friendly to me, which must be a good thing!

From my sweet BB10 Neutrino powered Z10 :D

STV0726

Good stuff.

~STV on Z10STL100-3/10.1.0.2025 TMO US

BlackberryFan777

It will be a huge improvement once WebWorks SDK is supported.

Posted via CB10

BBThemes

As a webworks dev id say it sounds nice but again im told coming soon by BlackBerry.

00stryder

Hmmm, wonder what this means for those of us that aren't devs but use the signing keys and tokens to sideload Android apps. The extended expiration is greatly appreciated though.

Posted via CB10 on my white Z10 & lovin' it!

Marc_Paradise

The key expiration is new. The 30 day limit on debug token is unchanged.

Posted via CB10

r0v3rT3N

<farnsworth> Good news everyone! </farnsworth>

Thunderbuck

+1 for utterly gratuitous Futurama reference ;-)

patelnet

I would think this will certainly simplify getting signing keys and debug tokens for the n00bs now :)

Posted via CB10

Kris Simundson

Works awesome for the IDE, even simpler than BlackBerry makes it out to be, just unregister current keys in IDE than it'll ask you to make a password. Do this, click get key. It'll open a Web browser and get you to sign into your BlackBerry ID, and voila your registered. Recreate new debug token and update apps.

Posted via Dev B wielding 10.2.0.1047 | BerryLeaks Co-founder

meltbox360

BlackBerry's version sounded much more complex. This is sweet! Haven't done anything since early PB but I remember I had to manually sign once. It sucked.

Posted via CB10

davinci4real

Krrrriiiiiiissss! Where have you been? I'm going to change my signature to Kris simundson's junior brother :D

trricciardi

From the dialog in the IDE when you Unregister: "After reregistering, new versions of your apps will appear as new applications, not upgrades, and will not have access to shared data from previous versions."

I don't have any published apps yet, so I'm going to use this method.

itzJustMeh

Will it work with existing keys? If you have an app, don't you need to upload current key so you can update app?

RedxD

BlackBerry says that it won't work, you have to link the bbid token to your csk token, but I think Kris didn't have any problem with that.

RedxD

If you unregister your keys you won't be able to update your apps(updates will appear as new apps instead of updates), or at least that's what a dialog said to me when I clicked on "unregister keys" so I went the BlackBerry way and use the command, so be careful when using this method lol

Thunderbuck

This is actually the tip of the iceberg. BB has enhanced ALL KINDS of stuff on the developer site and organized all kinds of material that wasn't necessarily the easiest to get to.

One thing I hadn't been aware of: "BlackBerry Builder" training that provides a formal curriculum for both Cascades and WebWorks development, aimed at devs interested in obtaining certification...

https://developer.blackberry.com/blackberrybuilders/prepare/web_training...

nonesuchnick

It's not very clear how this benefits Devs with apps signed with existing keys. Exactly what does the suggested "linking" process do to my existing keys and do you continue using those or the BBID token? Which one is modified by the linking and should be used going forward, the BBID Token I think?

And what are the implications of throwing away your existing keys and getting a new BBID token as suggested above by Kris? Will you still be able to sign and publish your existing app to BlackBerry World without problems? Previously it was made very clear that you could not change the signing key used for an app without breaking updates for existing users of your app.

How all this works really needs to be clarified in a lot more detail than the current blog post. Until I know for sure I can't take the chance of messing up my app for my users.

Posted via CB10

Gees97

I'm not a Developer but I'm Really surprised you haven't received a reply yet

Posted Via My Most Used BlackBerry App

DisturbedRocks31

Someone should test the process! :p

Posted from my Dev C!

asiayeah

This really should be in the 1st place. Previously when a developer loses his signing keys, there is simply no way to update any existing app published. I just wonder since when WebWorks SDK is the last one to get updates, even after AIR SDK?

makaiman

These or "the" tokens should be cloud-based across the board coupled with a stringent security question across that same board for and to access SDKs within multiple development environments on subsequent machines. BlackBerry IDs are awesome and simplify the process, but still, the security on the ID should be even tighter, especially on the higher level developer platform...

yruz2bu

What about bigger organizations? Can one share one security token among several BlackBerry IDs, since you still want your company name to show up as creator of the app...

meltbox360

This is just for signing. Companies generally only sign for an actual release so a single signing server or something like that is sufficient.

Posted via CB10

yohan17

I wonder? could we update our OS through our blackberry ID using links? If the developers can get this the work smooth?

Posted via CB10

RedxD

No, this is just for signing applications, we still can't install stuff OTA(except for the VPN workaround).

felixweber

They do it now that I got used to old process...

Posted via CB10

ofutur

I've had zero issues with my keys and I regularly switch between multiple sets. I wonder how my use case will be handled. Hopefully it doesn't mean a wipe before testing an app for a different client...

Sent from my Z30/3

Blomsternisse

About time! The current key system is annoying. If you want to run your own applications for a longer time than one month, you have to side load them - on your own device. :/

RedxD

This won't change that, debug tokens only last a month, to avoid this you'll have to sideload(you can do it from Momentics) a release version of your app.

somerandombbusername

Just sign your app with a real key, not a debug token, and you won't have to worry about renewals. BlackBerry Dev tools are the best. Ever tried to sign an ios app? A pain, and $100 a year for that pain. BlackBerry seriously needs educate people on the differences between their platform and others. It has so many advantages but the general public and even mobile developers are not aware of most of them.

wgtcarlos

I believe it's good. I never had any of the problems mentioned but I guess the new method makes the process easier.

Posted via CB10

pumano

Very good news and usable!

Posted via CB10

heri16

Security watered down...