DIGITAL SIGNATURE
Add Digital Signature to Your Program
M3 can provide a utility for adding a digital signature to a program. An unsigned program shows a warning message, as in the image below, when you launch it.
“The program is from an unknown publisher. Running it can possibly harm your device. Do you want to continue?”
To keep the warning message from popping up, the program needs to be signed. This document guides you through the signing process.
i. Digital Signing Process
1. Download the digital signing utility (DigiSign.zip). It is provided as a zip file that contains signcode.exe, OEMShipCA.spc and OEMShipCA.pvk. Once you receive the utility, unzip it to a folder and make sure you have all three files.
2. Copy the .exe or .cab* file of your program to the folder where the signing utility is unzipped.
* Supported file formats: .exe, .dll, .ocx, .cab, .stl, .cat
3. Launch signcode.exe.
4. When the utility launches, follow the directions displayed on the screen. Click Next to continue.
5. Click Browse and select the file to which you wish to add a digital signature, then click Next.
6. Select Custom when it asks for the signing option.
7. Click Select from File, then select OEMShipCA.spc.
8. Choose Private key file on disk and select the OEMShipCA.pvk file.
9. Select the hash algorithm. By default it is set to sha1.
10. Select additional certificate options as required. This is optional. You can just click Next to continue.
11. The data description is also optional. You can just click Next to continue.
12. The time stamp is also optional. You can just click Next to continue.
13. Adding a digital signature to the file is now complete.
14. You can check it from the properties menu of the file.
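The check in step 14 can also be scripted for .exe, .dll and .ocx files, which are PE images (.cab files use a different container and are not covered). The following is an added example, not part of the M3 utility or of this document's original procedure: it reads the PE certificate table to report whether a signature is embedded and which digest algorithm OIDs it carries, which is where the hash algorithm chosen in step 9 shows up. It only inspects structure and does not validate the signature or its certificate chain; the sample input is constructed.

```python
import struct

SECURITY_DIR = 4            # index of IMAGE_DIRECTORY_ENTRY_SECURITY
PKCS_SIGNED_DATA = 0x0002   # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)
DIGEST_OIDS = {             # DER-encoded digest algorithm OIDs
    bytes.fromhex("06052b0e03021a"): "sha1",
    bytes.fromhex("0609608648016503040201"): "sha256",
}

def authenticode_info(data: bytes):
    """Return None for an unsigned PE image, else details of its first WIN_CERTIFICATE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]     # PE32 / PE32+ data directory offset
    if struct.unpack_from("<I", data, dirs - 4)[0] <= SECURITY_DIR:
        return None
    off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)  # file offset, not an RVA
    if off == 0 or size < 8:
        return None
    if off + size > len(data):
        raise ValueError("certificate table lies outside the file")
    length, _rev, ctype = struct.unpack_from("<IHH", data, off)
    blob = data[off + 8:off + min(length, size)]
    # Heuristic: report which digest OIDs occur anywhere in the PKCS#7 blob.
    found = sorted(name for oid, name in DIGEST_OIDS.items() if oid in blob)
    return {"pkcs7": ctype == PKCS_SIGNED_DATA, "size": len(blob), "digests": found}

def build_sample_pe(pkcs7: bytes = b"") -> bytes:
    """Constructed test input: bare PE32 headers, plus a certificate table if pkcs7 is given."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    cert = b""
    if pkcs7:
        cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, PKCS_SIGNED_DATA) + pkcs7
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 312, len(cert))
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x1C2, 0, 0, 0, 0, 224, 0x0102)
    return dos + b"PE\0\0" + coff + bytes(opt) + cert

if __name__ == "__main__":
    fake_blob = b"\x30\x09" + bytes.fromhex("06052b0e03021a") + b"\x05\x00"  # constructed, not real PKCS#7
    print(authenticode_info(build_sample_pe()))            # unsigned image
    print(authenticode_info(build_sample_pe(fake_blob)))   # image carrying a sha1 digest OID
```

To check a real file, pass its bytes, for example `authenticode_info(open(path, "rb").read())`, where `path` is the signed program.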
ii. Signing in Visual Studio
Right-click the project → 'Authenticode Signing' → Click Certificate '…'
Click ‘Manage Certificates’
Click 'Import'
In the wizard, File Open → File Format (*.pfx), select the file M3Sky.pfx
Click ‘Next’
Password Page (Ignore) → Click ‘Next’ …
Click ‘Next’
Select My Privileged Signing Certificate.
Click ‘OK’
Change Authenticode Signature → ‘YES’
For .NET
Property → Devices → Check 'Sign the…' → Click Select Certificate → Select 'My Privileged …’ → ‘OK’
Result
iii. Cancellation of All Security Settings
Set the value 0000101a to 1 under [HKEY_LOCAL_MACHINE\Security\Policies\Policies].
Does M3 support SHA2 code signing?
Microsoft announced that the SHA2 fix included in its newer AKU OS release does not cover code signing, which means that other WEHH 6.5 devices do not support this requirement either (https://support.microsoft.com/en-us/kb/2986556).
Windows Mobile certificates have two essential roles, as listed below (https://technet.microsoft.com/en-us/library/cc182301.aspx).
· In code signing, determining whether an application can be run on the device and if so, the permissions (privileged or normal) with which it will run.
· In authentication, presenting trusted credentials for connecting to a corporate e-mail server or network or verifying the identity of a remote server.
This fix is about accessing SSL websites with SHA2 and not a code signing scenario per se.
Thus there is no way to support application code signing with a SHA2 certificate.
The latest OS for M3 BLACK (6003) and OX-10P (6129) applies the latest AKU version.