How sign the code by own certificate and install the certificate on device.
来源:互联网 发布:手机全能恢复软件 编辑:程序博客网 时间:2024/06/04 19:33
Sign code
By crino
Share http://www.codeproject.com/KB/mobile/signcode.aspx#
How sign the code by own certificate and install the certificate on device.
Introduction
This article is for tests purpose only, the best way to sign code is Mobile2Market, Versign etc...
With WM5 Microsoft has implements a new security schema on PocketPC too.
The new schema requires that the applications must be signed with a valid certificate to run without problems on devices.
Forsimple applications the schema is not a problem, you'll get someborings popup to run the applications or to install cabs the firsttime. We have more problems when we try to deploy services or drivers,our dlls or applications will not run because the schema is loadedafter service.exe and device.exe processes!
In this article i'll explain how we can deploy our own certificate on device and sign our code.
Step 1 - Create the certificate
The first step is create our certificate. To do this we'll use the utility makecert.exe:
Collapsemakecert -r -sv MyCert.pvk -n "CN=MyCert" -b 01/01/2000 -e 01/01/2099 MyCert.cerFor more information about makecert.exe parameters refer to MSDN library.
Now we have our certificate (MyCert.cer) and private key (MyCert.pvk) but we need of .pfx to pass it to signtool.exe, so go on step 2.
Step 2 - Create .pfx from the .cer
To create .pfx file from .cer file we've to run pvk2pfx.exe
tool:
Collapsepvk2pfx.exe -pvk MyCert.pvk -spc MyCert.cer -pfx MyCert.pfxThe command will creates .pfx file (MyCert.pfx).
Step 3 - Create the provisioningdoc xml
Ok, now we are ready tobuild our cab which will installs our certificate on devices. To dothis we've to create our wap-provisioningdoc xml.
Collapse"<?xml version="1.0" encoding="utf-8" ?>
<wap-provisioningdoc>
<characteristic type="CertificateStore">
<characteristic type="Privileged Execution Trust Authorities">
<characteristic type="[cert_sha1]">
<parm name="EncodedCertificate" value="[cert_base64]" />
</characteristic>
</characteristic>
</characteristic>
<characteristic type="CertificateStore">
<characteristic type="SPC">
<characteristic type="[cert_sha1]">
<parm name="EncodedCertificate" value="[cert_base64]" />
<parm name="Role" value="222" />
</characteristic>
</characteristic>
</characteristic>
</wap-provisioningdoc>"This is the standard schema for our provisioningdoc.
We've to fill [cert_sha1] and [cert_base64] with our values get from MyCert.cer. To obtain these values we've to use openssl.exe tool:
Collapse
openssl sha1 MyCert.cer > MyCert_sha1.txt
openssl base64 -in MyCert.cer > MyCert_base64.txt
Withthese commands we get two files with sha1 and base64 values of ourcertificate. So create an empty file '_setup.xml' and past the contentinto:
Collapse<?xml version="1.0" encoding="utf-8" ?>
<wap-provisioningdoc>
<characteristic type="CertificateStore">
<characteristic type="Privileged Execution Trust Authorities">
<characteristic type="30bc827f441fa4437b645163e49ade7226b362c3">
<parm name="EncodedCertificate" value="MIIB7zCCAVigAwIBAgIQSZfc9OLump1HzDNpsZ2edTANBgkqhkiG9w0BAQQFADAR
MQ8wDQYDVQQDEwZNeUNlcnQwIBcNOTkxMjMxMjMwMDAwWhgPMjA5ODEyMzEyMzAw
MDBaMBExDzANBgNVBAMTBk15Q2VydDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAx6QQIhONxvNHrK+p1qgy/AY3/Q/rf7XGvMYmxENAdQFjgP2CpH/1Bgsa8MwK
XxViZqW2DbixDas77M+cG3BnxtdK42xuhBlzVCq8wiOh7/q9SZp9wKj94c7k5jok
L1BgHT2dH2DHUgnxG6Y9mvowX/DJ8gvbNKR1p4FQpK74NvUCAwEAAaNGMEQwQgYD
VR0BBDswOYAQfyce0/6l1q4oeResHzIEZ6ETMBExDzANBgNVBAMTBk15Q2VydIIQ
SZfc9OLump1HzDNpsZ2edTANBgkqhkiG9w0BAQQFAAOBgQAEqy6rTbjmV/6zgYBY
+gQQqBHf4GMvyEUR9g5+p/esG7GDve/qbZ4bm1BOSdRfgzMsda2guciMD54QPHNp
k+wdE0tSuQN90Dla8109GmTdFyZkVezSDmuCkbX0BjQW2dJ6egvGG2mnA7Q6/5yt
4ftcV6hExesZviGUKXdBhBM2Dg==" />
</characteristic>
</characteristic>
</characteristic>
<characteristic type="CertificateStore">
<characteristic type="SPC">
<characteristic type="30bc827f441fa4437b645163e49ade7226b362c3">
<parm name="EncodedCertificate" value="MIIB7zCCAVigAwIBAgIQSZfc9OLump1HzDNpsZ2edTANBgkqhkiG9w0BAQQFADAR
MQ8wDQYDVQQDEwZNeUNlcnQwIBcNOTkxMjMxMjMwMDAwWhgPMjA5ODEyMzEyMzAw
MDBaMBExDzANBgNVBAMTBk15Q2VydDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAx6QQIhONxvNHrK+p1qgy/AY3/Q/rf7XGvMYmxENAdQFjgP2CpH/1Bgsa8MwK
XxViZqW2DbixDas77M+cG3BnxtdK42xuhBlzVCq8wiOh7/q9SZp9wKj94c7k5jok
L1BgHT2dH2DHUgnxG6Y9mvowX/DJ8gvbNKR1p4FQpK74NvUCAwEAAaNGMEQwQgYD
VR0BBDswOYAQfyce0/6l1q4oeResHzIEZ6ETMBExDzANBgNVBAMTBk15Q2VydIIQ
SZfc9OLump1HzDNpsZ2edTANBgkqhkiG9w0BAQQFAAOBgQAEqy6rTbjmV/6zgYBY
+gQQqBHf4GMvyEUR9g5+p/esG7GDve/qbZ4bm1BOSdRfgzMsda2guciMD54QPHNp
k+wdE0tSuQN90Dla8109GmTdFyZkVezSDmuCkbX0BjQW2dJ6egvGG2mnA7Q6/5yt
4ftcV6hExesZviGUKXdBhBM2Dg==" />
<parm name="Role" value="222" />
</characteristic>
</characteristic>
</characteristic>
</wap-provisioningdoc>We're ready to build our cab to deploy on our devices.
Step 4 - Build the .cab
This is the most simple step, we've to run makecab.exe tool:
Collapsemakecab.exe _setup.xml mycert_cert.cabOur certificate is now ready to install on devices!
Step 5 - Sing our application code
After we installed the certificate on our devices we can sign our code with MyCert.pfx our code to run as trusted.
We've to use signtool.exe tool:
Collapsesigntool.exe sign /f MyCert.pfx *.exe *.cabor
Collapsesigncode -v MyCert.pvk -spc MyCert.cer *.exe With these simple five steps we've our certificate applications!
History
19/12/2005 - Initial article.
30/12/2005 - Corrected the command line on Step 5
31/12/2005 - Regenerated the certificate and updated zip file
15/11/2006 - Added command line in Step 5 and updated zip file with signcode.exe tool.
- How sign the code by own certificate and install the certificate on device.
- How sign the code by own certificate and install the certificate on device.
- 证书过期:The certificate used to sign "###"...
- 证书过期:The certificate used to sign "###"...
- Code Sign error: The identity 'iPhone Developer' doesn't match any valid certificate/private key pai
- 关于Code Sign error:The identity 'iPhone distribution' doesn't match any valid certificate private ..
- Code Sign error: The identity 'iPhone Developer' doesn't match any valid, non-expired certificate...
- Code Sign error: The identity 'Mac Developer' doesn't match any valid, non-expired certificate/priva
- Code Sign error: The identity 'iPhone Developer' doesn't match any valid certificate/private key pair in the default key
- Verify the Developer App certificate for your account istrusted on your device.
- Verify the Developer App certificate for your account is trusted on your device
- Verify the Developer App certificate for your account istrusted on your device.
- The certificate used to sign "app名" has either expired
- Unable to install "项目名" The certificate used to sign "项目名" has either expired or has been
- 此证书签发者无效,发布证书已丢失, Download and Install the Renewed Intermediate Certificate
- How to install XBAP's certificate in Root and TrustedPublisher Certificate Store of Client side?
- invalidate the HTTPS certificate
- send a client certificate by using the HttpWebRequest and HttpWebResponse classes
- Java环境下Imagemagick中文图片处理问题非完美解决方案
- 使用C操作MySQL数据库(vs 2008)
- yield(C# 参考)
- 使用IE浏览器无法打开xml文件解决方法
- SQL日历表数据的简单生成
- How sign the code by own certificate and install the certificate on device.
- 《变革中的思索》连载一:21世纪的新“四化”
- 着色语言
- 手机客户端网络加速技术方案实现思考
- VC++6.0编程问题
- 基于浏览器的客户跟踪技术概述
- 迭代器&使用迭代器(C# 编程指南)
- C++ Templates笔记 3 重载函数模板(附加)
- 关于siebel
