Re: Code Signing
- From: Nino Benvenuti <nino_dot_online@nino_dot_net>
- Date: Mon, 23 Jan 2006 19:06:31 -0500
James wrote:
Hi Nino,
Well, i used the Test Certificates from MS by copying the 'SdkCerts.cab' CAB file to the PDA and executing it, and all worked fine.
But generating my own CER using the makecert and installing and signing, does not work. It still asks for user to allow the app to run. Is it not possible to create your own cert, sign your app and run it?
Cheers, James
"Nino Benvenuti" wrote:
sn.exe is the Strong Name tool and is used for signing an assembly with a strong name. Strong Name signing helps to ensure that an assembly is globally unique and it helps to protect the version lineage of an assembly. They also provide guarantees that the assembly has not been changed since it has been built. Strong name signing of assemblies is required if you are going to install them into the GAC.
What you are after, James, is Authenticode signing. This will ensure the integrity and authenticity of your assemblies and your CAB. If you choose do sign your assemblies outside of Visual Studio, you will need to use the SignTool.exe tool.
The Windows Mobile SDK certs exist for developers to test their bits under the different privilege levels. For WM5 PPC, the certs may be found at C:\Program Files\Windows CE Tools\wce500\Windows Mobile 5.0 Pocket PC SDK\Tools In that directory, you will find the certs as well as a CAB for you install the certs on your device for testing. The certs are already installed on the emulator.
These certs are *not* for release and you cannot use them as such as the devices will not the certificate on them.
You can sign your CABs and your assemblies with a private cert; however, you would need to install that cert on the device so that the assemblies and CAB could be verified. Also note that the signature on the CAB will be ignored unless the EXEs and DLLs in the CAB are also signed.
If you haven't read the following, I would suggest them:
http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnppcgen/html/wmsecurity.asp
http://blogs.msdn.com/windowsmobile/archive/2005/12/17/491167.aspx
Most my reply here (as I'm sure you've noted) assumes WM5.0 - what version of the .NET CF are you using and what is your target platform?
-- Nino Benvenuti http://nino.net/blog
James wrote:Sorry I should have been more clear.
I want to sign the CAB and assemblies using a privately created certficate rather than a Mobile2Market or Verisign Code signing service.
Do the devices only have certain Root certs and cannot add others? What are the test certificates and can I use them for release?
Cheers, James
"Joseph Byrns" wrote:
You can use the sn.exe from the command line, (sn.exe -k c:\test.snk). You can then use this file to sign your assembly by (in VS 2005, can't remember where in VS2003) clicking Project->'ProjectName' Properties->Signing then check the 'Sign Assembly' check box and select the relevant file.
"James" <James@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:0306548F-3D8B-4268-ADFC-09BB78300760@xxxxxxxxxxxxxxxxHelp anyone...
"James" wrote:
Hi All,
I want to sign my Assemblies for release to a client that will use only my
application and I dont want to buy standard certificates.
How can i create a private certificate that I can install manually and sign
all my Assemblies to use this private certificate?
Cheers,
James.
Hi James,
As Scott Yost said in reply to your other post, you need to provision the certificate to the device.
-Nino .
- Follow-Ups:
- Re: Code Signing
- From: neel
- Re: Code Signing
- References:
- Re: Code Signing
- From: Joseph Byrns
- Re: Code Signing
- From: Nino Benvenuti
- Re: Code Signing
- From: James
- Re: Code Signing
- Prev by Date: Re: CF and display of Images
- Next by Date: Re: CF and display of Images
- Previous by thread: Re: Code Signing
- Next by thread: Re: Code Signing
- Index(es):
Relevant Pages
|
