sn.exe is the Strong Name tool and is used for signing an assembly with
a strong name. Strong Name signing helps to ensure that an assembly is
globally unique and it helps to protect the version lineage of an
assembly. They also provide guarantees that the assembly has not been
changed since it has been built. Strong name signing of assemblies is
required if you are going to install them into the GAC.
What you are after, James, is Authenticode signing. This will ensure
the integrity and authenticity of your assemblies and your CAB. If you
choose do sign your assemblies outside of Visual Studio, you will need
to use the SignTool.exe tool.
The Windows Mobile SDK certs exist for developers to test their bits
under the different privilege levels. For WM5 PPC, the certs may be
found at C:\Program Files\Windows CE Tools\wce500\Windows Mobile 5.0
Pocket PC SDK\Tools In that directory, you will find the certs as well
as a CAB for you install the certs on your device for testing. The
certs are already installed on the emulator.
These certs are *not* for release and you cannot use them as such as the
devices will not the certificate on them.
You can sign your CABs and your assemblies with a private cert; however,
you would need to install that cert on the device so that the assemblies
and CAB could be verified. Also note that the signature on the CAB will
be ignored unless the EXEs and DLLs in the CAB are also signed.
If you haven't read the following, I would suggest them:
http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnppcgen/html/wmsecurity.asp
http://blogs.msdn.com/windowsmobile/archive/2005/12/17/491167.aspx
Most my reply here (as I'm sure you've noted) assumes WM5.0 - what
version of the .NET CF are you using and what is your target platform?