UPDATE: Apparently, there is a different technology than Authenticode that I should be using for Windows Mobile.
After signing the EXE and the CAB file, this worked just fine on Windows Mobile 5. When testing on Windows Mobile 6, I got the following error: “program is from an unknown publisher”. Not only must the EXE and CAB file be signed, but all the DLLs inside the CAB must be signed too. There are two ways to accomplish this.
The first method is to simply add the signtool commands mentioned in my previous post to sign the DLLs. Aftter the DLLs are signed, you cab up all the files using CabWiz.exe. Then you sign the cab file itself.
The second method is to use the utility CabSignTool.exe from Microsoft. This handy utility explodes a CAB file, signs every executable and DLL file inside, then recabs it and signs the CAB file. In order to use it, you will need to download and install the Windows Mobile 6 SDK. The tool is located in <WindowsMobile6SDK>/Tools/Security/CabSignTool. Make sure this is in your path. The cabsigntool takes most of the same arguments as the signtool. The only differences are that the first two parameters are the input and output cab names and the “sign” command is not necessary. So to accomplish signing the cab, do something like the following:
c:> cabsigntool.exe cabinput.cab caboutput.cab /f [yourcert.pfx] /p [yourpassword] /t [yourtimeserver]
When you execute this command, it will extract the contents of your cab file. It will sign each file inside. It will then recab the files and sign the cab file. So you can accomplish with one command what it took multiple lines to do with signtool.exe alone.
http://msdn.microsoft.com/en-us/library/aa924367.aspx
http://msdn.microsoft.com/en-us/library/bb278115.aspx
Post a Comment