Adobe AIR Building Apps
Adobe AIR Building Apps AS3 Actionscript
Adobe AIR Building Apps AS3 Actionscript
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
BUILDING ADOBE <strong>AIR</strong> APPLICATIONS<br />
Signing <strong>AIR</strong> applications<br />
190<br />
Signing an <strong>AIR</strong> intermediate file with ADT<br />
To sign an <strong>AIR</strong> intermediate file with ADT, use the -sign command. The sign command only works with <strong>AIR</strong><br />
intermediate files (extension airi). An <strong>AIR</strong> file cannot be signed a second time.<br />
To create an <strong>AIR</strong> intermediate file, use the adt -prepare command. (See “ADT prepare command” on page 165.)<br />
Sign an <strong>AIR</strong>I file<br />
❖ Use the ADT -sign command with following syntax:<br />
adt -sign SIGNING_OPTIONS airi_file air_file<br />
SIGNING_OPTIONS The signing options identify the private key and certificate with which to sign the <strong>AIR</strong> file.<br />
These options are described in “ADT code signing options” on page 172.<br />
airi_file The path to the unsigned <strong>AIR</strong> intermediate file to be signed.<br />
air_file The name of the <strong>AIR</strong> file to be created.<br />
ADT -sign command example<br />
adt -sign -storetype pkcs12 -keystore cert.p12 unsignedMyApp.airi myApp.air<br />
For more information, see “ADT sign command” on page 165.<br />
Signing an updated version of an <strong>AIR</strong> application<br />
Each time you create an updated version of an existing <strong>AIR</strong> application you sign the updated application. In the best<br />
case you can use the same certificate to sign the updated version that you used to sign the previous version. In that case<br />
the signing is exactly the same as signing the application for the first time.<br />
If the certificate used to sign the previous version of the application has expired and been renewed or replaced, you can<br />
use the renewed or new (replacement) certificate to sign the updated version. To do this, you sign the application with<br />
the new certificate and you apply a migration signature using the original certificate. The migration signature validates<br />
that the original certificate owner has published the update.<br />
Before you apply a migration signature, consider the following points:<br />
• To apply a migration signature, the original certificate must still be valid or have expired within the last 365 days.<br />
This period is termed as the ‘grace period’ and the duration can change in the future.<br />
Note: Until <strong>AIR</strong> 2.6, the grace period was 180 days.<br />
• You cannot apply a migration signature after the certificate expires and the 365 days grace period elapses. In that<br />
case, users must uninstall the existing version before installing the updated version.<br />
• The 365-day grace period only applies to applications specifying <strong>AIR</strong> version 1.5.3 or higher in the application<br />
descriptor namespace.<br />
Important: Signing updates with migration signatures from expired certificates is a temporary solution. For a<br />
comprehensive solution, create a standardized signing workflow to manage the deployment of application updates. For<br />
example, sign each update with the latest certificate and apply a migration certificate using the certificate used to sign the<br />
previous update (if applicable). Upload each update to its own URL from which users can download the application. For<br />
more information, see “Signing workflow for application updates” on page 249.<br />
The following table and figure summarize the workflow for migration signatures:<br />
Last updated 2/22/2016