Note: Creating a Root Certificate / Software Publishing Certificate with Makecert.exe

On the Windows platform you can use Makecert.exe, Cert2spc.exe, Signcode.exe and Signtool.exe (download the .NET SDK from MSDN and install it to get them).

How to create a Root Certificate Authority

makecert -n "CN=Kun-Yi Chen, E=kunyi.chen (at spam) gmail.com, O=idv, OU=Personal, L=Taipei, S=CA, C=TW" -r -len 2048 -a sha1 -sv YourCA_Root.pvk YourCA_Root.cer

How to create a certificate issued by Root CA

makecert YourSign.cer -sv YourSign.pvk -ic YourCA_Root.cer -iv YourCA_Root.pvk -n "CN=Kun-Yi Chen Privileged Signing Cert" -len 2048 -a sha1

Convert certificate to SPC format

cert2spc YourCA_Root.cer YourSign.cer SignCerticate.spc

How to sign your application

signcode -spc SignCerticate.spc -v YourSign.pvk YourApp.exe

The following is an example of a security/certificate provisioning XML file

(CertificateStore Configuration Service Provider)

<wap-provisioningdoc>
<!-- This file should be embedded in the ROM image. The file name should use the following format:
    mxip_<package name>_<version>.provxml; replace <package name> and <version> with the values defined for your BSP.
    It is normally called "mxip_oem_100.provxml" and is put into the Files section of platform.bib. -->
<characteristic type="CertificateStore">
    <characteristic type="Privileged Execution Trust Authorities">
        <!-- Root CA Hash binary/real code -->
        <characteristic type="EDDDC838D82FE03214AB1FB3267E73412E85B457">
            <!-- The following parm provides a base64 encoded Root CA. -->
            <parm name="EncodedCertificate" value="(base64-encoded certificate omitted)" />
            <parm name="IssuedBy" value="Kun-Yi Chen" />
            <parm name="IssuedTo" value="Kun-Yi Chen" />
            <parm name="ValidFrom" value="9/24/2009 02:38:28AM" />
            <parm name="ValidTo" value="1/1/2040 07:59:59AM" />
            <parm name="TemplateName" value="" />
        </characteristic>
    </characteristic>

    <!-- SPC (Software Publishing Certificate) configuration service provider -->
    <characteristic type="SPC">
        <characteristic type="EDDDC838D82FE03214AB1FB3267E73412E85B457">
            <parm name="EncodedCertificate" value="(base64-encoded certificate omitted)" />
            <parm name="Role" value="254" />
            <parm name="IssuedBy" value="Kun-Yi Chen" />
            <parm name="IssuedTo" value="Kun-Yi Chen" />
            <parm name="ValidFrom" value="9/24/2009 02:38:28AM" />
            <parm name="ValidTo" value="1/1/2040 07:59:59AM" />
            <parm name="TemplateName" value="" />       
        </characteristic>
    </characteristic>
</characteristic>
</wap-provisioningdoc>
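
The hash used as the inner characteristic type is the certificate's SHA-1 thumbprint, and EncodedCertificate is the Base64 of its DER bytes, so both can be generated from the .cer file instead of being copied by hand. The script below is an added example, not part of the original post; the function names are hypothetical and the sample bytes are a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re
import sys
from xml.sax.saxutils import quoteattr

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Constructed stand-in bytes so the script runs without a file; not a real cert.
SAMPLE_DER = b"abc"


def load_der(data):
    """Return DER bytes from a .cer file saved as either DER or Base64 (PEM)."""
    m = PEM_RE.search(data)
    return base64.b64decode(m.group(1)) if m else data


def thumbprint(der):
    """SHA-1 over the DER encoding, upper-case hex (the Windows thumbprint)."""
    return hashlib.sha1(der).hexdigest().upper()


def provxml_entry(cer_bytes, store, role=None):
    """Build one <characteristic> block for the named certificate store."""
    der = load_der(cer_bytes)
    parms = [("EncodedCertificate", base64.b64encode(der).decode("ascii"))]
    if role is not None:  # the page sets Role only in the SPC store
        parms.append(("Role", str(role)))
    lines = [f"<characteristic type={quoteattr(store)}>",
             f"    <characteristic type={quoteattr(thumbprint(der))}>"]
    lines += [f"        <parm name={quoteattr(n)} value={quoteattr(v)} />"
              for n, v in parms]
    lines += ["    </characteristic>", "</characteristic>"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python provxml_entry.py YourCA_Root.cer
    cer = SAMPLE_DER
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            cer = fh.read()
    print(provxml_entry(cer, "Privileged Execution Trust Authorities"))
    print(provxml_entry(cer, "SPC", role=254))
```

Compare the printed hash with the thumbprint shown in the certificate's properties dialog before building the image; a mismatch means the wrong file was encoded.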

 

How to create OEMDefaultCerts.dat (you can see this file in some WinCE 6.0 BSPs; the OEM should replace it)

copy /y /b yourcertifcate1.cer yourcertifcate2.cer … yourcertifcaten.cer OEMDefaultCerts.dat

 

Visit http://www.cryptosys.net/ if you want to automate this work.

