.cab Signing (SP Only)

  • Article

To provide a more secure method of packaging and delivering applications, Smartphone supports .cab files signed with Authenticode certificates. Certificates are attached to signed .cab files as a certificate chain when the file goes through the signing process.

Note   Pocket PC does not check signatures during application, installation, or execution.

To sign a .cab file for use on a device, you must have the following resources:

  • A .cab file created by CABWizSP.
  • An Authenticode certificate that is already installed on or will be distributed to the device the .cab file is to be installed on.

A .cab file can be signed when it is created by means of Authenticode tools. Authenticode provides a development toolkit with a suite of applications that sign and verify the signature on a .cab file. The Authenticode suite includes the following tools:

  • MakeCert, which creates a test X.509 certificate
  • SignCode, which signs a file
  • ChkTrust, which checks the validity of the file
  • CertMgr, which manages certificates, certificate trust lists, and certificate revocation lists

These tools are available on MSDN® under the titles:

  • Signing and Checking CABs with Authenticode
  • The Code Signing Wizard, which is invoked through the SIGNCODE utility, to sign a file

See Also

Creating Setup .cab Files with CabWizSp (SP Only) | .cab Files | CABWizSP (SP Only)

Last updated on Friday, April 22, 2005

© 2005 Microsoft Corporation. All rights reserved.

Send feedback on this topic to the authors.