Ahhh, life was so simple before hackers and if you were building Smartphone 2003 apps then you'll appreciated that it wasn't always mandatory to sign your apps and cab files.  Well for good reason this has changed with Windows Mobile Smartphone V5.0 including the Emulator and it adds a little more complexity the first time.

Visual Studio 2005 ships with two Test Certificates for your mobile projects, you can find them at "file://C:\Program Files\Windows CE Tools\wce500\Windows Mobile 5.0 Smartphone SDK\Tools".

The two you want to play with are:-

  • SDKSamplePrivDeveloper.pfx and
  • SDKSampleUnprivDeveloper.pfx

To help decide which to use then check out James Pratt's  "A Practical Guide to the Smartphone Application Security and Code Signing Model for Developers", the guide relates to Smartphone 2002 and 2003 but it's a good overview, including what are privileged and unprivileged operations and it'll get ya up and running fast!!

To install the certificates just double click on them and take all the defaults in the "Certificate Import Wizard" (no password required) and it will install the certs in to your Personal Certificate Store.

Next add the Certificate to your project.  Right click your project in the Solution Explorer and select the "Devices" tab, click the "Sign the project output with this certificate", then click the "Select Certificate" button.

Now if you are doing this with Visual Studio 2005 Beta 2 get up and do make yourself a nice cuppa tea cose for whatever reason it takes a good 5 to 10 minutes to bring up the certificate store.  When it does finally open select the appropriate certificate.  This frustrating delay is fixed in the August CTP build and probably earlier CTPs!!

Oh, btw, you'll also need to sign the project before you can deploy, do this from the "Signing" tab from Project Properties - it's hopefully pretty self explanatory.

Now you'll need to sign the Cab project, right mouse click your "Smart Devices Cab Project" to load up the Properties Page, you'll see an option to enable "Authenticode Signature" then click the "Select from Store" button and again if on B2 go and make another nice cuppa tea (fixed in August CTP), then select the appropriate certificate.

Now I've done this all with the Test Certificates and clearly when you get your Smartphone application all shiny, finished and ready to sell you'll want a proper certificate from your network operator so check out Mobile2Market for more info on working with Operators and obtaining trusted certificates.

Cheers, Dave

PS. This posting relates to "SMS/Text Voting Solution available for download. Utilizes Windows Mobile V5, SQL Mobile 2005 and SMS Message Interceptor"