Effect of .cab Signing Policies on the .cab File Installation Process
The .cab installation process is used for the installation of a .cab, .hme, .tsk, or .cpf file. The following steps describe the .cab file installation process with the .cab signing policies:
If the hash of the .cab file, signed or unsigned, is in the revocation list, the installation fails.
Wceload.exe determines whether the .cab file is signed.
If the .cab file is not signed and the Unsigned .cab policy does not allow unsigned .cab files (SECPOLICY_UNSIGNEDCABS = 0), the installation fails. Otherwise, the installation continues.
For unsigned .cab files, if the Unsigned Prompt policy is not enabled (SECPOLICY_UNSIGNEDPROMPT = 1), the user is not prompted and the .cab file is installed with the role mask dictated by the Unsigned .cab policy.
If the Unsigned Prompt policy is enabled (SECPOLICY_UNSIGNEDPROMPT = 0), the Prompt Exclusion List is checked. If the .cab file hash is on the list, the .cab file is installed with the role mask dictated by the Unsigned .cab policy.
If the unsigned .cab file hash is not on the Prompt Exclusion List, the user is prompted to accept or reject the unsigned .cab file. If the .cab file is rejected, the installation fails. If the .cab file is accepted, both the hash of the .cab file and the hash of any unsigned executable files inside the .cab file are added to the Prompt Exclusion List. The .cab file is installed with the role mask dictated by the Unsigned .cab policy.
Note If any of the executable files in the .cab file have been revoked, the installation fails.
If the .cab file is signed, each certificate up the certificate chain is validated.
The integrity of the .cab file is checked as follows:
- The hash of the .cab file is computed.
- The hash of the .cab file signed by the private key of the publishing CA is extracted from the signature.
- The signed hash is decrypted by means of the public key of the certificate used to sign it.
- The two hashes are checked and must be identical.
- If the two hashes are different, the .cab file has been tampered with and the installation fails.
If the certificate hash is on the revoked list, the installation fails.
The chain of certificates in the signature is checked against the SPC store as follows:
- If any one of the certificates in the chain of certificates is revoked, the installation fails.
- If a match is found in the SPC store, the CAB Installer installs the .cab file with the role mask associated with that certificate.
- If the SPC store is empty or a match is not encountered, the .cab file is treated as an unsigned .cab file. See Step 4.
See Also
Security for Windows Mobile Devices
Last updated on Friday, April 22, 2005
© 2005 Microsoft Corporation. All rights reserved.
Send feedback on this topic to the authors.