RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Understanding Windows Mobile Security : Page 4

Learn about the security provisioning of Windows Mobile devices and how you can provision your own Windows Mobile device using the Device Security Manager (included with Visual Studio 2008).

Signing with the CabSignTool.exe
The Windows Mobile 6 SDK ships with the CabSignTool utility that allows you to sign a CAB file (and all the files contained within it). Create a CAB file for the SecureApp application and then sign it with the CabSignTool.

Uncheck the Sign the project output with this certificate checkbox (see Figure 10) and rebuild the project.

Then, add a new Smart Device CAB Project to the current solution. In the File System tab, right-click on the Application Folder item and select Add—>Project Output…. Next, select the SecureApp application and click Primary output. Click OK.

Figure 10. Uncheck the Box: Do not sign the application within Visual Studio 2008.
Figure 11. The CAB File: Locate the CAB file generated by the project in the bin\Debug folder of the project.

Build the project. Locate the CAB file generated by the project in the bin\Debug folder of the project (see Figure 11).

Copy the CAB file into the emulator (via ActiveSync) and install it on the emulator. You will see the confirmation as shown in Figure 12. This is because the CAB file has not been signed yet.

Author's Note: When trying out the example illustrated in this section, be sure to set the security setting of the emulator to Prompt Two-Tier.

Figure 12. Confirmed: Unsigned CAB files are prompted.

To sign the CAB file, first copy the following files into a folder, say C:\Signing\.


Original Path


\Debug folder of the project


C:\Program Files\Windows Mobile 6 SDK\Tools\Security\CabSignTool


C:\Program Files\Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates

Launch the Visual Studio 2008 Command Prompt by selecting Start—>lPrograms—>Microsoft Visual Studio 2008—>Visual Studio Tools—>Visual Studio 2008 Command Prompt.

Issue the following command (see also Figure 13):

C:\Signing>cabsigntool.exe SmartDeviceCab1.CAB SmartDeviceCab1.CAB -f SamplePrivDeveloper.pfx

Essentially, you are signing the CAB file and all the files contained within it.

Figure 13. Signing the CAB File: Signing the CAB file with the cabsigntool.
Figure 14. Privileged Mode: The application now runs in privileged mode.

Copy the CAB file into the emulator now and install the application. You will now be able to install the application without any prompting. Also, you will now be able to write a registry key without any problem (see Figure 14).

Emulator Testing Is Not Enough
Now that you've seen how the security configuration of Windows Mobile devices affects the running of your applications, you'll agree that it's always useful to test your application on real devices and not totally rely on emulators as they normally have security turned off.

Wei-Meng Lee is a Microsoft MVP and founder of Developer Learning Solutions, a technology company specializing in hands-on training on the latest Microsoft technologies. He is an established developer and trainer specializing in .NET and wireless technologies. Wei-Meng speaks regularly at international conferences and has authored and coauthored numerous books on .NET, XML, and wireless technologies. He writes extensively on topics ranging from .NET to Mac OS X. He is also the author of the .NET Compact Framework Pocket Guide, ASP.NET 2.0: A Developer's Notebook (both from O'Reilly Media, Inc.), and Programming Sudoku (Apress). Here is Wei-Meng's blog.
Email AuthorEmail Author
Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date