Digitally sign a CAB file

Digitally sign a CAB file
The legendary digital signature can be downloaded without prompting, so try it:
There are three gadgets in the middle of \microsoft Visual Studio. NET 2003\sdk\v1.1\bin that you can use to implement digital signatures.
1. Makecert.exe---Certificate Creation tool
2. Cert2Spc.exe---Issuer Certificate testing tool
3. Signcode.exe---File Signing tool

Steps:
1) makecert-ss name-n "cn= company name"-sv D:\pos.pvk-r d:\pos.cer sk-represents the key container location of the subject, ss-the subject's certificate store name, N-Certificate-issued object, R-Certificate storage location,-SV Export the private key file (for signature use). Note: This time will allow input three times password, three times to be completely consistent.
2) Use CERT2SPC to generate SPC Publisher certificate (optional): CERT2SPC d:\pos.cer C:\POS.SPC
3) Double-click Signcode to start the Signature wizard without a number of parameters. First select to sign the file, Next, select "Own definition", Next, select "Select from File", add the newly generated Pos.cer certificate, next, select the private key pos.pvk, then next, can SPC certificate, and then the next step. Add a timestamp, fill in the timestamp with http://timestamp.verisign.com/scripts/timstamp.dll Testcab.cab, and then complete the next step.

The CAB file is signed, but this time clicking on the file will reveal that the certificate is not available because the certificate is not turned on. Specific information such as digital certificate, file Properties-〉 View Certificate-〉 Install certificate, go to install Certificate Wizard, store area Select trusted Root certification authority, click Finish.

In the client test:
1) Add certificate, browser-〉 tool-〉internet option-〉 content-〉 certificate-〉 Trusted Authority-〉 import certificate.
2) in the case of a certificate, assume that the server does not increase the "trusted URLs", prompting the download will show the certificate signed content, no certificate is prompted to "unknown."
3) Assuming that the server has added "trusted URLs" and has imported the certificate, it will not be prompted to download any information regardless of the user's feeling. If you do not add a "trusted URL", the control can download normally but still not work properly, regardless of whether it is signed or not.

Iv. questions:
1. Whether or not to join the "trusted URLs".
2. The role of a digital signature, the difference between an authorization certificate and an unauthorized certificate.

Digitally sign a CAB file