When deploying an application, you can digitally sign each cabinet file and have the end user verify each digital signature when the file downloads. This approach provides end users with the assurance that each file has:
Authenticity — Assurance that you prepared the file
Integrity — Assurance that nobody has tampered with the file
Note: Progress Software Corporation strongly encourages the application deployer to digitally sign each file to be downloaded.
The WebClient Application Assembler uses Microsoft Authenticode technology to sign the application cabinet files digitally. It requires access to the signtool.exe, pvk2pfx.exe, and optionally makecert.exe tools. You need makecert.exe if you wish to create a mock public-key certificates for testing. These tools are part of Microsoft Windows SDK.