How sign the code by own certificate and install the certificate on device.
2010-01-10 17:08
561 查看
Sign code
By crinoShare http://www.codeproject.com/KB/mobile/signcode.aspx#
How sign the code by own certificate and install the certificate on device.
Introduction
This article is for tests purpose only, the best way to sign code is Mobile2Market, Versign etc...With WM5 Microsoft has implements a new security schema on PocketPC too.
The new schema requires that the applications must be signed with a valid certificate to run without problems on devices.
For simple applications the schema is not a problem, you'll get some borings popup to run the applications or to install cabs the first time. We have more problems when we try to deploy services or drivers, our dlls or applications will not run because the schema is loaded after service.exe and device.exe processes!
In this article i'll explain how we can deploy our own certificate on device and sign our code.
Step 1 - Create the certificate
The first step is create our certificate. To do this we'll use the utilitymakecert.exe:
Collapse
makecert -r -sv MyCert.pvk -n " CN=MyCert" -b 01/01/2000 -e 01/01/2099 MyCert.cer
For more information about
makecert.exeparameters refer to MSDN library.
Now we have our certificate (MyCert.cer) and private key (MyCert.pvk) but we need of .pfx to pass it to
signtool.exe, so go on step 2.
Step 2 - Create .pfx from the .cer
To create .pfx file from .cer file we've to runpvk2pfx.exe
tool:
Collapse
pvk2pfx.exe -pvk MyCert.pvk -spc MyCert.cer -pfx MyCert.pfx
The command will creates .pfx file (MyCert.pfx).
Step 3 - Create the provisioningdoc xml
Ok, now we are ready to build our cab which will installs our certificate on devices. To do this we've to create our wap-provisioningdoc xml.Collapse
"< ?xml version=" 1.0" encoding=" utf-8" ?> < wap-provisioningdoc> < characteristic type=" CertificateStore" > < characteristic type=" Privileged Execution Trust Authorities" > < characteristic type=" [cert_sha1]" > < parm name=" EncodedCertificate" value=" [cert_base64]" /> < /characteristic> < /characteristic> < /characteristic> < characteristic type=" CertificateStore" > < characteristic type=" SPC" > < characteristic type=" [cert_sha1]" > < parm name=" EncodedCertificate" value=" [cert_base64]" /> < parm name=" Role" value=" 222" /> < /characteristic> < /characteristic> < /characteristic> < /wap-provisioningdoc>"
This is the standard schema for our provisioningdoc.
We've to fill [cert_sha1] and [cert_base64] with our values get from MyCert.cer. To obtain these values we've to use
openssl.exetool:
Collapse
openssl sha1 MyCert.cer > MyCert_sha1.txt openssl base64 -in MyCert.cer > MyCert_base64.txt
With these commands we get two files with sha1 and base64 values of our certificate. So create an empty file '_setup.xml' and past the content into:
Collapse
< ?xml version=" 1.0" encoding=" utf-8" ?> < wap-provisioningdoc> < characteristic type=" CertificateStore" > < characteristic type=" Privileged Execution Trust Authorities" > < characteristic type=" 30bc827f441fa4437b645163e49ade7226b362c3" > < parm name=" EncodedCertificate" value=" MIIB7zCC***igAwIBAgIQSZfc9OLump1HzDNpsZ2edTANBgkqhkiG9w0BAQQFADAR MQ8wDQYDVQQDEwZNeUNlcnQwIBcNOTkxMjMxMjMwMDAwWhgPMjA5ODEyMzEyMzAw MDBaMBExDzANBgNVBAMTBk15Q2VydDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAx6QQIhONxvNHrK+p1qgy/AY3/Q/rf7XGvMYmxENAdQFjgP2CpH/1Bgsa8MwK XxViZqW2DbixDas77M+cG3BnxtdK42xuhBlzVCq8wiOh7/q9SZp9wKj94c7k5jok L1BgHT2dH2DHUgnxG6Y9mvowX/DJ8gvbNKR1p4FQpK74NvUCAwEAAaNGMEQwQgYD VR0BBDswOYAQfyce0/6l1q4oeResHzIEZ6ETMBExDzANBgNVBAMTBk15Q2VydIIQ SZfc9OLump1HzDNpsZ2edTANBgkqhkiG9w0BAQQFAAOBgQAEqy6rTbjmV/6zgYBY +gQQqBHf4GMvyEUR9g5+p/esG7GDve/qbZ4bm1BOSdRfgzMsda2guciMD54QPHNp k+wdE0tSuQN90Dla8109GmTdFyZkVezSDmuCkbX0BjQW2dJ6egvGG2mnA7Q6/5yt 4ftcV6hExesZviGUKXdBhBM2Dg==" /> < /characteristic> < /characteristic> < /characteristic> < characteristic type=" CertificateStore" > < characteristic type=" SPC" > < characteristic type=" 30bc827f441fa4437b645163e49ade7226b362c3" > < parm name=" EncodedCertificate" value=" MIIB7zCC***igAwIBAgIQSZfc9OLump1HzDNpsZ2edTANBgkqhkiG9w0BAQQFADAR MQ8wDQYDVQQDEwZNeUNlcnQwIBcNOTkxMjMxMjMwMDAwWhgPMjA5ODEyMzEyMzAw MDBaMBExDzANBgNVBAMTBk15Q2VydDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAx6QQIhONxvNHrK+p1qgy/AY3/Q/rf7XGvMYmxENAdQFjgP2CpH/1Bgsa8MwK XxViZqW2DbixDas77M+cG3BnxtdK42xuhBlzVCq8wiOh7/q9SZp9wKj94c7k5jok L1BgHT2dH2DHUgnxG6Y9mvowX/DJ8gvbNKR1p4FQpK74NvUCAwEAAaNGMEQwQgYD VR0BBDswOYAQfyce0/6l1q4oeResHzIEZ6ETMBExDzANBgNVBAMTBk15Q2VydIIQ SZfc9OLump1HzDNpsZ2edTANBgkqhkiG9w0BAQQFAAOBgQAEqy6rTbjmV/6zgYBY +gQQqBHf4GMvyEUR9g5+p/esG7GDve/qbZ4bm1BOSdRfgzMsda2guciMD54QPHNp k+wdE0tSuQN90Dla8109GmTdFyZkVezSDmuCkbX0BjQW2dJ6egvGG2mnA7Q6/5yt 4ftcV6hExesZviGUKXdBhBM2Dg==" /> < parm name=" Role" value=" 222" /> < /characteristic> < /characteristic> < /characteristic> < /wap-provisioningdoc>
We're ready to build our cab to deploy on our devices.
Step 4 - Build the .cab
This is the most simple step, we've to runmakecab.exetool:
Collapse
makecab.exe _setup.xml mycert_cert.cab
Our certificate is now ready to install on devices!
Step 5 - Sing our application code
After we installed the certificate on our devices we can sign our code with MyCert.pfx our code to run as trusted.We've to use
signtool.exetool:
Collapse
signtool.exe sign /f MyCert.pfx *.exe *.cab
or
Collapse
signcode -v MyCert.pvk -spc MyCert.cer *.exe
With these simple five steps we've our certificate applications!
History
19/12/2005 - Initial article.30/12/2005 - Corrected the command line on Step 5
31/12/2005 - Regenerated the certificate and updated zip file
15/11/2006 - Added command line in Step 5 and updated zip file with signcode.exe tool.
相关文章推荐
- How sign the code by own certificate and install the certificate on device.
- How sign the code by own certificate and install the certificate on device.
- How can I install the Google Apps Package (Play Store, ...) on my Android device?
- Could not install the app on the device, read the error above for details. Make sure you have an And
- virtual memory layout and how to get it by the correspoinding functuon
- How to Configure and Install ownCloud on Ubuntu 16.04
- 【转】How to install and configure SharePoint Server 2010 SP1 on the existing SP 2010 Farm
- LM_Sensors on Cent OS 5.4 How To Get And Install The Coretemp Module
- How to Install the ELK Stack on AWS: A Step-By-Step Guide
- Instant Run performed a full build and install since the installation on the device does not match t
- Could not install the app on the device, read the error above for details. Make sure you have an And
- The certificate used to sign “AppName” has either expired or has been revoked. An updated certificate is required to sign and install the application解决
- The certificate used to sign ***has either expired or has been revoked. An updated certificate is required to sign and install the application
- How to install Common Lisp and SLIME on MS Windows
- How to install the Sun Java JDK on Ubuntu 10.10
- How to Install AMQP PHP Extension and RabbitMQ Client on Linux
- [转] How to install the glut libraries and dll's into windows
- react-native 启动服务器时候报错Could not install the app on the device, read the error above for details.
- How to Install PHP 7 with Apache and MariaDB on CentOS 7/Debian 8
- jooq使用自定义策略生成代码(How to use a custom strategy with the jOOQ code-generator and Maven?)