A few days ago I ran into an issue trying to register my old code signing keys with the new BlackBerry Widget plugin for Eclipse. If you have some foresight you can copy and backup the sigtool.* files from the bin directory of a install where the keys were already registered but what happens if you didn’t? (Yes I know I am sometimes a klutz)
Turns out that you can simply request replacement code signing keys from RIM instead of paying $20 for another set. Erik, a Software Engineering Analyst over @RIM, was kind enough to help me through the process and tell me how others can do the same. RIM simply requires the registered owner of the keys to email [email protected] requesting replacement keys. He notes that in the event that there are multiple signature keys associated with one email account, RIM might require a client ID to ensure the appropriate key is replaced.
In some cases where the request does not come from the registered owner of the keys RIM will also probably require the following information:
Originally Registered Company:
Originally Registered Name:
Originally Registered Email:
Originally Registered PIN:
They will then follow up with the registered owner to ensure the request is valid and send the keys to the registered owner.
Personally I have yet to understand what security benefit code signing keys offer the BlackBerry platform when anybody with $20 can get one but I decided to leave that question unanswered for now. Any guesses? RIM claims it “MUST” track the use of sensitive BlackBerry API’s for security and export control but does not explain why. I can understand that maybe the Certicom encryption classes require export control but I am not sure how code signing keys provides any sort of export control…