Signing CAB files with temporary certificate during development

1. Refer to Create Temporary Certificates for Use During Development on how to create a test certificate.

2. Copy signtool.exe from "C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\" to the cabsigntool folder if it's not already there.

3. Use cabsigntool to sign the CAB file:

cabsigntool oldCAB.CAB newCAB.CAB

to sign the CAB file locally. This will sign the CAB file header as well as its contents with the local certificate.

4. Done. When opening in Explorer, the Property tab will show that the CAB has been signed.

5. The signed CAB files will not be trusted by the device by default. To make the device trust the signed CAB files, the development root cert must be installed on the device manually.

6. In production, locally signed CAB files components (.EXE, .DLL) will need to be uploaded to signing authority website portal, where it will be signed again. Developers will download the signed files from the portal, package them back into CAB files, sign the CAB file header again using signtool. The sign CAB file must be uploaded to the portal again and the finally signed CAB file ready for release will be available for download from the portal.