Revoking Applications

To revoke an application, a mobile operator can revoke the certificate used to sign the .cab file. The hash of the certificate is used to revoke signed .cab files. In the case of unsigned .cab files and unsigned applications, the revocation works on the hash of the .cab file itself. The application for revoking certificates, Revoke.exe, is supported by Microsoft Windows XP and Windows 2000.

Note   The revoke.exe tool, available in the SDK, is used to create a revocation XML for the LoaderRevocation Configuration Service Provider. Put the file revocation list into a .provxml file that is processed on cold boot. For more information, see the LoaderRevocation Configuration Service Provider.

The use of Authenticode to sign and verify .cab files on Windows Mobile-based devices enables mobile operators or corporations to prevent a .cab file from installing by using one of the following revocation methods:

  • Revoke the certificate that the .cab file uses. The revoke tool creates a provisioning document that may be sent to the device to add the certificate to the revocation list. When a .cab file is installed, this list is checked to make sure that the .cab file's certificate is still valid.
  • Revoke the unique hash of the .cab file. This enables mobile operators to revoke a single, specific signed .cab file. The revoke tool creates a hash of a .cab file and creates instructions for that hash to be added to the revocation list on the device. The CAB Installer also hashes any signed .cab file downloaded to the device. If the result of this hash matches an entry in the revocation list, the installation fails. For example, if a third-party developer releases a signed application that the mobile operator does not approve, the mobile operator has the option to revoke that .cab file and ensure that it does not install on the device.
  • Revoke the unique hash of unsigned .cab files and unsigned applications. In the case of unsigned .cab files and unsigned applications, the revoke tool works on the hash of the .cab file or application itself. The hash of the .cab file or application itself is added to the revocation list on the device.
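The following added example (not Microsoft's code, and not the CAB Installer's actual implementation) models the install-time check described by the three methods above, showing how far each kind of revocation entry reaches. The `RevocationList` class, the `check_install` function, the sample byte strings and the use of SHA-256 are all assumptions made for illustration; the page does not name the hash algorithm or the list's on-device format.

```python
import hashlib


def digest(data):
    # SHA-256 is a stand-in: the page does not say which hash the device uses.
    return hashlib.sha256(data).hexdigest()


class RevocationList:
    """Hypothetical in-memory model of the revocation list on the device."""

    def __init__(self):
        self.cert_hashes = set()   # hashes of revoked signing certificates
        self.file_hashes = set()   # hashes of revoked .cab files / applications

    def revoke_certificate(self, cert):
        self.cert_hashes.add(digest(cert))

    def revoke_file(self, blob):
        self.file_hashes.add(digest(blob))


def check_install(rl, cab, signer_cert=None):
    """Return 'allow' or the reason the install fails. signer_cert=None means unsigned."""
    if signer_cert is not None and digest(signer_cert) in rl.cert_hashes:
        return "blocked: certificate revoked"
    if digest(cab) in rl.file_hashes:
        return "blocked: file hash revoked"
    return "allow"


# Constructed sample data; none of these are real certificates or packages.
CERT_REVOKED = b"constructed certificate: revoked signer"
CERT_GOOD = b"constructed certificate: trusted signer"
CAB_UNAPPROVED = b"constructed .cab: unapproved third-party build 1"
CAB_NEXT_BUILD = b"constructed .cab: unapproved third-party build 2"
CAB_UNSIGNED = b"constructed .cab: unsigned package"


def demo():
    rl = RevocationList()
    rl.revoke_certificate(CERT_REVOKED)   # method 1: revoke the signer
    rl.revoke_file(CAB_UNAPPROVED)        # method 2: revoke one signed .cab
    rl.revoke_file(CAB_UNSIGNED)          # method 3: revoke an unsigned .cab
    return {
        "revoked_signer": check_install(rl, CAB_NEXT_BUILD, CERT_REVOKED),
        "revoked_signed_cab": check_install(rl, CAB_UNAPPROVED, CERT_GOOD),
        "revoked_unsigned_cab": check_install(rl, CAB_UNSIGNED),
        # A file-hash entry covers one exact file; a later build needs its own entry.
        "later_build_good_signer": check_install(rl, CAB_NEXT_BUILD, CERT_GOOD),
    }
```

A certificate entry blocks every package from that signer, while a file-hash entry blocks only the one file it was computed from, so the operator's choice of method sets the scope of the revocation.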

See Also

Deploying Windows Mobile Applications

© 2006 Microsoft Corporation. All rights reserved.