How to Sign a Cab File

1. Purchase a Microsoft Authenticode Digital ID from Verisign, Thawte, Comodo or any other vendors of certificate authority (also known as CA). This ID allows you to digitally sign .cab files, as well as .dll, .exe and .ocx files.
2. Download the mycredentials.spc and myprivatekey.pvk files. Your particular CA vendor will email you with instructions for how to use their particular certificate and where to download these files.
3. Download the Microsoft .NET Framework software development kit (SDK) version 1.1. This SDK includes the Crypto API files that are required for you to sign a .cab file. See the Resources section below for a direct link to download this file from Microsoft.
4. Create a private key file named Mycert.pvk by opening a command prompt and typing the following:makecert -sv 'mycert.pvk' -n 'CN=My Company' mycert.cerThe new Mycert.cer file is used to create a new .spc file. Type a password in the box that pops up.
5. Create an .spc file from the Mycert.cer file using the correct password. Do this by typing the following line into a command prompt:cert2spc mycert.cer mycert.spc
6. Sign the .cab file using your key information by typing the following line into a command prompt:signcode -v mycert.pvk -spc mycert.spc new.cab -t [time stamp server URL]Contact the CA that provided you with your certificate file and obtain the location of the server for the time stamp.
7. Run Setreg.exe on the client system with a value of TRUE to be sure that your test certificates will be recognized. You can validate a .cab file by typing the following line into a command prompt:setreg -q 1 TRUE
8. Run Checktrust.exe to make sure that the .cab file is signed properly. Type the following line into a command prompt:chktrust new.cabIf everything has worked correctly, you should see a result of 'mycab.cab: Succeeded.'