PlayBook (.bar) Application Signing Roundup

Posted on June 3, 2011 | 3 comments

NOTE: There is an AIR application that was created to help with signing and other Tablet OS common commands. Check it out here.

I wanted to post a round up post to both serve as an overview for new people but gather a bunch of info in one place for others that might have been through the process.

RIM’s development model requires signing. You need signing to get .bar applications on the device, both for developing and when you submit to the app store. It might be a bit confusing because the processes for both are similar but different, and I haven’t even thrown the “debug token” process into the mix.

So the goal of this post is to take you from code to device (both development workflow and App World ready) all through links and info available on the web. First some definitions and overview.

Handy Definitions:

  • signing – The process of signing the .bar file, in PlayBook world includes requesting keys from RIM, creating a cert, registering csj files, and multiple csj files for different signing processes.
  • PIN – PlayBook device identification number that you will retrieve from the physical device. Also a term for the passwords from signing keys.
  • .csj files – files used in the signing process RDK (for apps) and PBDT (PlayBook Debug Token) used for the “debug token” process.
  • vendor – The account you have with RIM, its not just a developer account but the account that is tied to payments and App World submissions, they have a slightly different process for individual vs cooperation.
  • debug token – This provisions a device to allow .bar apps to work on a particular device that has the token to run with out signing of the .bar file. A token can be configured to have multiple device PINs. The tokens expire after 1 month.
  • BlackBerry Tablet OS plugin – A Flash Builder plugin provided by RIM to allow for a bunch of UI dialogs to help with signing, build/packaging, csj registering, and debug tokens.
    BlackBerry Tablet OS for AIR SDK – Copies over the AIR sdk and adds BlackBerry Tablet OS specific tools (see next).
  • blackberry-airpackager, blackberry-deploy, blackberry-signer – The command line tools provided in the BlackBerry Tablet OS SDK that are used for building, packaging, and signing .bar applications. Same tools used in the BlackBerry Tablet OS plugin as well.


  • Get an Vendor account with RIM (more then a couple hour process)
  • Request signing keys (more then a couple hour process), this PIN (password really) needs to be remember.
  • Create certificate (cn value is important)
  • Register signing keys properly.
  • Create and upload a debug token with PBDT signing key if you want to develop with none signed apps. With debug token on devices all you need is author/authorId correct in .bar file, note tokens expire in a month.
  • Sign .bar application, make sure its in production mode.

Here is the links that get into the details of the overview above:

RIM’s docs on signing your application with Flash Builder 4.5. My note here is read through all the doc pages first before starting and pay attention to the notes and details.
RIM’s documentation on debug tokens.
Julian Dolce showing off debug tokens and how they work

Command line walkthrough on how to sign your .bar applications. (might be dated)
Command line walkthrough on how to sign your .bar applications. (might be dated)

How to verify your BAR file is fully signed


RIM’s knowledgebase for signing related issues/questions. Here are some common issues that I see people have:

  • Code signing request failed because this file has been previously signed
  • When creating a Debug Token from Flash Builder, the process fails with exception “Unable to parse issue date from debug token” (locale is not English)
  • Debug token shows as not valid when uploaded to the BlackBerry PlayBook
  • Code signing request failed because Application-Development-Mode is present and not set to [false]
  • “Unable to register client ‘,’ (ID:) because they have exhausted their registration attempts”

RIM’s release notes on common issues. If you see any of the following errors click on this link for sure:

  • Attempt to rename [value1] to [value2] failed
  • Code signing request failed because Application-Development-Mode in Manifest is present and is not set to false
  • Code signing request failed because Common Name in developer certificate is not [value]
  • Code signing request failed because this file has been previously signed
  • Code signing request failed because Package-Author in Manifest is not set to [value]
  • Code signing request failed because value of Package-Name in Manifest is not allowed
  • -cskpass and -csjpin must be specified if -register is specified
  • cskpass required
  • Developer certificate and private key not found in keystore or store password not supplied
  • Incomplete certificate chain
  • Key associated with [value] not a private key
  • Keystore load: store password incorrect
  • keytool error: certificate.p12 <Access is denied>
  • keytool error: Incorrect AVA Format
  • keytool error: java.lang.Exception: Key pair not generated, alias already exists
  • Missing parameter for [option_name] option
  • No BAR file or CSJ file specified
  • No key name specified
  • No manifest
  • Only one of -setup, -register, or -verify can be specified
  • Server is not responding
  • Unable to open BAR file
  • Shawn

    Ya quite the mess.

    Another awesome gotcha, don’t put any comma’s in your CN! Otherwise you’ll get a Java error when trying to create your P12 certificate in FlashBuilder. I think it was this one(keytool error: Incorrect AVA Format)

    ie, I accidentally enterered: mycompany, inc

    Two days later when the signing keys arrived, I registered them, but when I tried to create my cert, I got this random Java error. Wasted a couple hours trying to debug that…

    Eventually I had to request ANOTHER set of keys, and wait another 2 days, all because I had accidentally entered a comma in the web form…

  • Josh Tynjala

    Ugh. I thought Apple’s signing process for iOS was bad enough, with their expiring provision profiles and whatnot, but the PlayBook takes it to a whole new level. RIM needs to simplify this to the extreme. Apple can get away with annoyances because they’re the dominant mobile platform. RIM doesn’t have that luxury. I got a free device in their developer promotion, and yet, I cringe every time I think about deploying a test build.

    Just let me turn on developer mode to deploy any unsigned app to my device. No debug token or anything silly like that. Throw in some scary warnings, if you must, but treat me like an adult and don’t lock me out of my device. Then, make the signing process for submission one single step. I’ll sign it with my personal certificate, and then RIM should automate the rest on the backend when I upload my app.

  • Kapteijn-Design

    I have a solution for the problem:
    process fails with exception “Unable to parse issue date from debug token”

    I have changed my location, date time and my language, but the problem was still there. So i try it using the command line and it works.

    First follow the steps:

    - “”

    - When you app is ready to release, File >> Export >> Release Build >> Click two times on the “Next” button

    - Go to your bin-release map, copy all the files from it and paste them in the root of your user account

    - Before you create a .Bar file, please note that you have changed the follow in your “-app.xml” file:
    - versionNumber doesn’t start with “0.0.0″
    - must change to

    - in the command line:
    - blackberry-airpackager -package .bar -installApp -launchApp -app.xml blackberry-tablet.xml .swf -device -password -devmode

  • Pingback: Good Roundup of Resources Explaining PlayBook App Signing - BerryReview

  • Pingback: Good Roundup of Resources Explaining PlayBook App Signing - BerryReview