I want to sign my Assemblies for release to a client that will use only my
application and I don't want to buy standard certificates.
How can I create a private certificate that I can install manually and sign
all my Assemblies to use this private certificate?
Cheers,
James.
"James" <Ja...@discussions.microsoft.com> wrote in message
news:0306548F-3D8B-4268...@microsoft.com...
Do the devices only have certain Root certs and cannot add others?
What are the test certificates and can I use them for release?
Cheers,
James
What you are after, James, is Authenticode signing. This will ensure
the integrity and authenticity of your assemblies and your CAB. If you
choose to sign your assemblies outside of Visual Studio, you will need
to use the SignTool.exe tool.
The Windows Mobile SDK certs exist for developers to test their bits
under the different privilege levels. For WM5 PPC, the certs may be
found at C:\Program Files\Windows CE Tools\wce500\Windows Mobile 5.0
Pocket PC SDK\Tools. In that directory, you will find the certs as well
as a CAB for you to install the certs on your device for testing. The
certs are already installed on the emulator.
These certs are *not* for release and you cannot use them as such as the
devices will not have the certificate on them.
You can sign your CABs and your assemblies with a private cert; however,
you would need to install that cert on the device so that the assemblies
and CAB could be verified. Also note that the signature on the CAB will
be ignored unless the EXEs and DLLs in the CAB are also signed.
If you haven't read the following, I would suggest them:
http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnppcgen/html/wmsecurity.asp
http://blogs.msdn.com/windowsmobile/archive/2005/12/17/491167.aspx
Most of my reply here (as I'm sure you've noted) assumes WM5.0 - what
version of the .NET CF are you using and what is your target platform?
--
Nino Benvenuti
http://nino.net/blog
I am moving an existing .NET CF 1.0 Application to Mobile 5.0.
Thanks for your answer and I will try it today!
Cheers,
James.
Well, I used the Test Certificates from MS by copying the 'SdkCerts.cab' CAB
file to the PDA and executing it, and all worked fine.
But generating my own CER using makecert and installing and signing
does not work. It still asks for the user to allow the app to run. Is it not
possible to create your own cert, sign your app and run it?
Cheers,
James
I want to sign my application using a privately created Certificate so that
I don't have to buy one.
I tried using the MAKECERT utility and then PVK2PFX and then the SIGNTOOL
and it all worked fine. But after installing my CER file on the PDA it still
prompts me to trust the APP or not.
I tried the stuff in this article
http://www.codeproject.com/useritems/signcode.asp#xx1327891xx
and all was fine but is this the only way to create and use a private
certificate?
Cheers,
James.
--
Scott Yost
Software Development Engineer/Test
Microsoft Corp.
This posting is provided "AS IS" with no warranties, and confers no rights.
"James" <Ja...@discussions.microsoft.com> wrote in message
news:B09447F0-4034-4485...@microsoft.com...
Hi James,
As Scott Yost said in reply to your other post, you need to provision
the certificate to the device.
-Nino
I've been following this discussion thread; I actually have somewhat of
a similar problem. I'm creating signed executables, etc. for Windows
Mobile 5.0 in the Visual Studio 2005 environment. I've been able to enable
provisioning of the device using the GUI interface of Visual Studio 2005.
It's working. Perfectly.
The problem is, my actual building process involves building from the
command line. To this end, I located the "signtool.exe" which does the
job of signing with valid certificates, etc. However, I can't seem to
find any option by which I can enable provisioning of the device from
the command line (using the signtool.exe tool). Could you please let me
know if there is some switch that exists with the tool, or a separate
executable that handles the provisioning of device in the command line?
Thanks,
-Neel.
SignTool.exe has no facilities for provisioning a certificate to a
device, so your observations in that regard were correct.
With regards to provisioning a certificate to the device, I think that
your options are:
1) Use RapiConfig.exe (in WM5 SDK). You would need to change the
default RAPI policy[1][2] on the device before you could leverage this.
2) Create a CAB file that contains[3] the same certificate that you are
signing your assemblies with and load that on the device as a separate
step (or write an automated installer to do it via RAPI).
There may be other ways, but that's what comes to mind at this time...
[1]http://groups.google.com/group/microsoft.public.pocketpc.developer/browse_frm/thread/6fe1649484a08d6d/bbe5f0ed49c48e9f?q=rapiconfig+%2B+access+denied&rnum=3#bbe5f0ed49c48e9f
[2]http://groups.google.com/group/microsoft.public.pocketpc.developer/browse_frm/thread/aee9a7819d2d43d3/ebf7c2ef70703637?q=rapiconfig+%2B+access+denied&rnum=1#ebf7c2ef70703637
[3]http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx
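An added example, not part of the thread: a small generator for the certificate provisioning document that either option above would deliver to the device, so the step can run in a command-line build. It assumes the Windows Mobile CertificateStore provisioning format; the function names, the sample bytes and the store chosen in the demo are illustrative assumptions, and the right store depends on the device's security policy.

```python
import base64
import hashlib
import re
from xml.sax.saxutils import quoteattr

# Store names of the Windows Mobile CertificateStore configuration provider.
KNOWN_STORES = {
    "ROOT", "CA", "MY", "SPC",
    "Privileged Execution Trust Authorities",
    "Unprivileged Execution Trust Authorities",
}
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes, NOT a real certificate: the generator only
# hashes and encodes the blob, so any DER-looking input exercises it.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"constructed-sample"


def to_der(cert_bytes):
    """Return DER bytes from a .cer file saved as either DER or base64/PEM."""
    match = PEM_RE.search(cert_bytes)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    if not cert_bytes.startswith(b"\x30"):  # DER starts with a SEQUENCE tag
        raise ValueError("input is neither PEM nor DER")
    return cert_bytes


def provisioning_xml(cert_bytes, store):
    """Build the provisioning document that adds one certificate to `store`."""
    if store not in KNOWN_STORES:
        raise ValueError("unknown certificate store: %r" % store)
    der = to_der(cert_bytes)
    thumbprint = hashlib.sha1(der).hexdigest()  # SHA-1 of the DER encoding
    encoded = base64.b64encode(der).decode("ascii")
    return (
        "<wap-provisioningdoc>\n"
        '  <characteristic type="CertificateStore">\n'
        f"    <characteristic type={quoteattr(store)}>\n"
        f'      <characteristic type="{thumbprint}">\n'
        f'        <parm name="EncodedCertificate" value="{encoded}"/>\n'
        "      </characteristic>\n"
        "    </characteristic>\n"
        "  </characteristic>\n"
        "</wap-provisioningdoc>\n"
    )


if __name__ == "__main__":
    print(provisioning_xml(SAMPLE_DER, "Privileged Execution Trust Authorities"))
```

For the CAB route, the output is assumed to be saved as `_setup.xml` and packaged into the CAB; the certificate passed in must be the same one used with SignTool.exe, otherwise the device still has nothing to verify the signature against.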