WoSign常见问题问答：GeoTrust微软移动代码签名证书常见问题问题

1. 我需要签名的代码吗？为什么？ Do I need to have my code signed? Why?
答：是的。许多移动运营商都要求在Windows Mobile操作系统上的代码安装和运行都需要代码签名。请浏览微软网站查看各个移动运营商的具体要求。
Yes. Many carriers require Code to be signed in order to both install and execute on the Windows Mobile-based Smartphones. Click here to review specific mobile operator and configuration details available.

2. 为何需要把已经签名的代码发给GeoTrust？ Why do I need to sign the code I send to GeoTrust?
答：您需要把已经签名的代码发给GeoTrust的原因是： (1) GeoTrust必须验证已经签名的代码的签名证书是否有效；(2) GeoTrust必须效验签名代码的完整性，效验测试保证了已经签名的代码没有被篡改。
The code you send to GeoTrust must be signed for the following reasons. First, GeoTrust must verify the files submitted were signed with a certificate in good standing. Second, GeoTrust must validate the data integrity of the file(s) submitted. Performing a signature verification test insures the file(s) have not been altered between the time you signed the file and the time it was submitted to GeoTrust.

3. 为何不能直接使用USB Key中的证书来签名代码？ Why can't I just sign my code with the token I get from GeoTrust?
答： GeoTrust寄给您的USB Key中的证书仅用于登录GeoTrust后台签名系统的强身份认证用，来确保签名者的真实身份，而不能直接用于代码签名。
The token you get from GeoTrust contains a certificate that is recognized by GeoTrust only. This certificate is not trusted in the Smartphone application environment. GeoTrust uses this certificate to recognize and grant access to your Windows Mobile Code Signing Credentials account; in addition we insure files submitted in your account were signed by this same certificate (Your certificate).

4. 哪些文件需要签名？ What file suffixes do I need to sign?
答：.exe, .dll, .mui, .cab 和 .cpl文件都必须数字签名。WM5还要求您签名resource-only DLLs。
.exe, .dll, .mui, .cab and .cpl files must be signed. Also, a change in Windows Mobile 5 requires you to sign resource-only DLLs.

5. 如何签名？ How do I sign code with my token?
答：您可以使用开发工具SDK中的签名工具signcode.exe来签名您的代码，开发工具可以到微软网站上下载：http://msdn.microsoft.com/mobility/downloads/sdks/default.aspx。
You will sign your code with the signcode.exe application in the SDKs for use in mobile and embedded application development. The SDKs for Microsoft Smartphone 2003, and Windows Mobile 5.0 can be obtained by visiting the following URL: http://msdn.microsoft.com/mobility/downloads/sdks/default.aspx

6. 为何CAB文件也需要签名？ Why does the CAB need to be signed, too?
答： CAB文件需要签名后才能安装。 The CAB needs to be signed for applications to install.

7. 我需要签名用于ActiveSync的exe文件吗？ Do I need to sign the EXE I use for ActiveSync?
答：不需要。但如果如果用于ActiveSync的打包文件则需要签名。
No, but the application files delivered within the ActiveSync self-extracting bundle must be signed if they are suffixed .exe, .dll, or .mui.

8. 如果我购买的签名事件已经用完怎么办？ What if I run out of events?
答：您只需新购买签名事件数即可。
You can purchase more within your Windows Mobile Code Signing Credentials management application.

9. 如果我丢了USB Key怎么办？ What if I lose my token?
答：如果您丢了USB Key，您应该立刻报告GeoTrust，GeoTrust会马上吊销USB Key中的证书。您需要重新购买一个，费用包括工本费和邮费。
If your token is lost, you must report this to GeoTrust. We will make the associated certificate unusable immediately. In addition, you must request a new certificate. Fees will apply for labor, materials, and postage associated with the new request.

10. 如果我忘了USB Key的密码怎么办？ What if I forget my token password?
答：如果您忘了您的USB Key密码，则您应该联系GeoTrust，将把重置的密码发到申请证书时填写的Email中。
If you forget your token password you should contact GeoTrust customer support. An email can be sent to the email address on file for the token.

11. GeoTrust会测试我的代码来保证代码能正常工作和没有病毒吗？ Does GeoTrust test my software to make sure it works and doesn't have a virus?
答：不。GeoTrust不提供此服务。
No, GeoTrust does not test the software submitted for signing in your Smartphone Credentials environment.

12. 使用GeoTrust签名证书签名的应用是否就是通过微软认证的应用？ Does my GeoTrust-signed application allow me to use Microsoft's Designed for Windows Smartphone designation?
答：不。GeoTrust只提供代码签名服务使得您的代码可以在WM5和Smartphone上运行。只有微软认证的代码测试合作伙伴测试您的代码后，您才能在产品包装和产品广告上使用支持微软移动的标志。GeoTrust不是一个测试服务提供商，您可以联系：Veritest 或 QualityLogic 。
No. GeoTrust offers a code signing service that allows your application to run on the Smartphone. Only a Microsoft Certified Testing Partner can grant you the authority to use the Designed For Windows-Powered Mobile Devices logo in your packaging and advertising. GeoTrust is not a Testing Partner; such a service can be obtained from Veritest ( http://www.veritest.com) or QualityLogic (http://www.qualitylogic.com).

13. 申请微软移动支持标志费用是600美元吗？ Someone said this is going to cost $600 per application, is that true?
答：如果要在产品包装和广告中使用“Designed for Windows-Powered Mobile Devices”标志，您需要通过第三方的测试，测试费用为600美元，GeoTrust并不收取此费用。
The $600 cost people are referring to here is the possible costs of having your application receive the "Designed for Windows-Powered Mobile Devices" designation. This process is performed by independent application testing/approval organizations and is not related to GeoTrust.

14. 代码签名和身份认证有什么不同？ What is the difference between code signing and certification?
答：代码签名是指对您开发的软件代码使用签名证书签名代码的过程。而身份认证是指 GeoTrust在颁发签名证书时验证您的真实身份的过程，包括查验申请单位的营业执照和验证具体申请人是申请单位的员工等。
Code signing is a term used for generic file/application signing. In the Smartphone environment, this would be the signing process performed on individual files and applications by both you and GeoTrust. Certification is a term typically used when referring to third-party validation services. In the scope of Smartphone code signing service signup, GeoTrust validates your business identity by obtaining and checking certain business registration documents for your company in addition to validating individuals with your company. During the use of your service GeoTrust continually insures files and applications have been submitted by the validated company.

15. 如果我的CAB文件不包含需要签名的文件，怎么办？ What if my CAB just contains files that do not need to be signed?
答：那您就只提交.cab文件签名即可。 You can submit the .cab alone for signing.

16. 如果我的软件有bug(缺陷)，如何能实现此代码不能再在用户手机上运行？ What do I do if my software has a bug and I want to disable it from affecting user phones?
答：您可以向GeoTrust申请吊销签名此代码的证书，这样才能使此代码不能使用。
You request from GeoTrust that the certificate used for signing be revoked. This would render the application unusable. Please use the information below to contact the GeoTrust Customer Support Center http://www.geotrust.com/support/index.asp

17. 证书吊销是如何工作的？ How does certificate revocation work?
答：如果签名证书已经吊销，则该吊销证书的唯一序列号和其他信息会添加到证书吊销列表中，移动终端(智能手机)运行已经签名的代码时会自动检查证书吊销列表，一旦发现此证书已经被吊销，则不会安装和运行此代码。
If a certificate that was used for an application signing has been revoked, the serial number and other relevant information will be placed in a file used in revocation checking. If the Smartphone environment detects a signing certificate serial number in this file the application will not be able to install or execute.

18. 当GeoTrust吊销证书后，是否我们的应用代码就会马上停止运行？ When GeoTrust revokes a certificate, does that mean my application will stop running on the phones immediately?
答：这取决于智能手机和移动网络的设置，如果设置为在线实时查验证书吊销列表，则会即刻停止运行。您需要咨询您的移动运营商。
This depends on the phone and carrier's configurations. If revocation checking is configured optimally, then applications will stop running immediately. Please check with your phone service provider.

19. 什么是“Application/File Name”和"Application/File Version"？ What is the "Application/File Name" and "Application/File Version"?
答： "Application/File Name"是每个提交到GeoTrust后台签名系统的单个文件的唯一文件名。 "Application/File Version"则是该单个文件的版本号，一般为1.0。
The "Application/File Name" is a name descriptor for the individual file or final application being uploaded for re-signing. The "Application/File Version" is the version of the individual signed file or final signed application being uploaded for re-signing. Typically a numeric value, i.e. 1.0

20. 如果我需要重新安装USB Key的驱动程序，哪里可以下载？ If I lose my drivers, where can I go to download them again?
答：请到此处下载驱动程序：http://downloads.geotrust.com/TCSPIKEY0407203016.exe

21. 签名代码有文件大小限制吗？ What is the size limitation for files?
答：是的，不超过8MB。 Files can not exceed 8MB.

22. 如果我的签名事件还没有用完，但后台管理证书已经过期怎么办？ What if I haven't used up all my signings before my Administrator Access certificate expires?
答：在证书到期之前，系统会自动发送一个免费续期的邮件到申请证书时使用的邮箱中，提示用户如何免费为管理证书续期，如果您在证书到期之前成功申请了续期，则可以继续正常使用。如果您没有忽略了此邮件而没有在证书到期之前续期，则您需要把USB Key寄回给GeoTrust重新颁发一个新的管理证书给您，重新颁发工本费和邮寄回给您的费用要您承担。请注意：您没有用完的签名事件一直有效，但需要有效的USB Key管理证书安全登录后才能使用。
An auto-generated email will be sent to the email address supplied during service enrollment informing you that your Administrator certificate is about to expire. If you proceed with the instructions prior to certificate expiration, you will not need to ship your token back to GeoTrust. If you neglect to respond prior to certificate expiration, you will need to ship your token back to GeoTrust to obtain a new Administrator certificate. Processing and shipping fees will apply depending upon your address. Please note, unused signing events can not be utilized without proper access to the Smart phone signing portal.

23. 如何获得微软的特权签名授权？ How do I obtain authorization for Privileged Microsoft Mobile to Market Root signing services?
答：为了获得微软的特权签名授权，您必须联系微软：M2M@microsoft.com，告诉微软您已经申请了GeoTrust的移动代码签名证书，需要申请特权签名服务。请注意：您必须先向GeoTrust/WoTrust申请移动代码签名证书后，告诉微软您的GeoTrust订单号。微软会要求开发商提交一些申请材料来评估是否满足特权签名的要求。
To obtain privileged signing for Windows Mobile Smartphone platform you will need to contact Microsoft at: M2M@microsoft.com and let them know you have enrolled for GeoTrust's Code Signing Credentials for Windows Mobile and would like to gain access to the Microsoft Privileged signing service. It is important that you first enroll for the GeoTrust Windows Mobile signing service as Microsoft will require you to submit the order ID number we assign to you.
Microsoft will supply prospective developers with instructions on how to submit an application which will be evaluated for compliance with the Microsoft Privileged Certificate Technology Requirements. Proper permission from Microsoft is required before any SmartPhone Credential Account can be updated and assigned Root signing access.

24. 如何参与微软Mobile2Market计划？How can I sign code for the Microsoft Mobile2Market Program?
答： GeoTrust微软移动代码签名证书同时支持微软Mobile2Market计划的非特权签名和特权签名，但非特权签名不用联系微软，直接支持；而特权签名则需要参与微软Mobile2Market计划，您可以Email联系微软： M2M@microsoft.com，获得授权后就可以使用特权签名了。详情请浏览这里。
If you are participating in the Microsoft Mobile2Market program and looking to getting your applications signed, note that we support both Unprivileged and Privileged mode signing. Unprivileged signing is available for all developers through the signing portal by default. However, to access the MS Windows Mobile for Smartphone Privileged signing, you need to get pre-authorized by Microsoft after meeting certain Technology Requirements.
Please contact your Microsoft Mobile2Market contact or send an e-mail to M2M@microsoft.com alias for details and to be authorized to access the MS Privileged root. More details on operator support for Mobile2Market privileged signing is available here .

25. 我如何签名代码？ How do I sign my files with the signing services I have been authorized for?
答：首先，您必须成功申请签名证书，收到一个含有签名后台管理证书的USB Key用于登录签名系统的强身份认证，具体签名步骤如下：
First, you must signup for and obtain Smartphone Credentials. Upon doing this you will receive a hardware token with a digital certificate on it. This certificate is used to gain administrative access to your Smartphone Credentials environment as well as to digitally sign your files and applications prior to upload. Typical steps after Smartphone Credentials service setup:

(1) 使用微软Smartphone SDK开发工具中的签名软件signcode.exe来签名.exe, .dll, .cpl, .cab 和 .mui文件，签名证书含在USB Key中，此工作在电脑上完成；
a. Digitally sign .exe, .dll, .cpl, .cab and .mui files of application. This step is performed utilizing signcode.exe from Microsoft's Smartphone SDK and your certificate which has been issued by GeoTrust and is located on your token. You do not have to access your Smartphone service to perform this step.

(2) 登录GeoTrust后台签名系统，选择正确的签名服务来签名您的文件；
b. Go to the SmartPhone signing portal. By default, you will have access to the Microsoft Mobile2Market (M2M) Unprivileged Root signing, that service plus any other signing service you have been authorized for will be listed in the drop down list of the signing portal. Choose the signing service you want to sign your files.

(3) 上传已经签名的文件到GeoTrust后台签名系统；
c. Upload each digitally signed file to your Smartphone Credentials service.

(4) GeoTrust系统会自动验证已经签名的代码是否是您签名的和是否已经被篡改，如果正常，则系统自动对您的文件重新签名，此文件将可以被移动终端信任而安全运行。
d. GeoTrust verifies the file(s) were submitted by you and not altered. GeoTrust then generates a code-confirmation certificate to re-sign your file. The code-confirmation certificate used here will be trusted by the Smartphone environment, allowing execution of correctly signed files.

(5) 您就可以为已经重新签名的文件打包成.cab文件了；
e. Newly re-signed files will be made available to you for .cab packaging.

(6) 您必须把所有已经重新签名的文件都打包到.cab文件中；
f. You will need to bundle all digitally re-signed files into a .cab.

(7) 再使用signcode.exe签名.cab文件，签名证书为USB Key中的证书，而不用登录后台签名系统；
g. Digitally sign the created .cab. This step is performed utilizing signcode.exe and your certificate which has been issued by GeoTrust and is located on your token. You do not have to access your Smartphone service to perform this step.

(8) 把已经签名的.cab文件上传到后台签名系统；
h. Upload digitally signed final application (.cab) to your Smartphone Credentials service.

(9) GeoTrust后台系统验证.cab文件是您签名的和是否已经被篡改，如果正常，则系统自动对您的文件重新签名，此文件将可以被移动终端信任而安全运行。
i. GeoTrust verifies the .cab was submitted by you and not altered. GeoTrust then generates a code-confirmation certificate to re-sign your .cab. The code-confirmation certificate used here will be trusted by the Smartphone environment, allowing installation of correctly signed application.

26. 我可以签名Windows Mobile 5操作系统的代码吗？ Can I sign my applications for the Windows Mobile 5 operating system with your signing service?
答：是的，GeoTrust微软移动代码签名证书可以同时用于Pocket PC和Smartphone中的移动操作系统Windows Mobile 5的代码。
Yes, our Code Signing Credentials for Windows Mobile will allow you to sign applications for the Windows Mobile 5 OS on both Pocket PCs and Smartphones.