Creating Signed CAB Files for MFC and ATL Controls

If you plan to distribute MFC and ATL controls via the Internet, you should package them as signed Cabinet (CAB) files. Signed files assure a user downloading your control that the code is safe. A CAB file contains a compressed version of your control plus information about how your control is to be installed, for example, what DLLs need to be installed along with the OCX.

The tools you need to create and sign CAB files are provided on the Visual C++ CD in the CAB&SIGN directory. The utilities in the CAB&SIGN directory are not installed automatically when you install Visual C++, so you must copy the contents of the CAB&SIGN directory to your hard drive.

Before you can sign files, you need to get a Software Publisher Certificate. You must apply for your own certificate to a Certification Authority. With the tools in the CAB&SIGN directory you can create a test certificate for testing purposes, but this certificate cannot be used to sign code for distribution. See step 1 for information about applying for a Software Publisher Certificate.

These are the steps to create a signed CAB file:

  1. Get a Software Publisher Certificate (you only need to do this once)

  2. Create the CAB file

  3. Sign your files

  4. Embed the signed CAB file in a Web page (optional)