If you want to digitally sign each cabinet file for your WebClient application and you want the end user to verify the digital signature of the downloaded files you must assign a series of keys and certificates.

To digitally sign a cabinet file, you need:

  • Your private key
  • Your public key in the form of a public-key certificate

To verify the digital signature of a downloaded cabinet file, the end user needs your public key in the form of a public-key certificate.

So, to use digital signatures, you need a private key, a public key, and a public-key certificate, while your end user needs your public-key certificate.