我有两个驱动程序文件似乎已被正确识别:
bobbarker@bobbarker-PC /cygdrive/c/Users/bobbarker/Desktop
$ ./SignTool.exe verify /kp /v /ph /d truecrypt.sys
Verifying: truecrypt.sys
Hash of file (sha1): 8562AC6F95298C1904DFC0B579C51CBB414D13C9
Signing Certificate Chain:
Issued to: AddTrust External CA Root
Issued by: AddTrust External CA Root
Expires: Sat May 30 05:48:38 2020
SHA1 hash: 02FAF3E291435468607857694DF5E45B68851868
Issued to: COMODO RSA Certification Authority
Issued by: AddTrust External CA Root
Expires: Sat May 30 05:48:38 2020
SHA1 hash: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
Issued to: COMODO RSA Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Mon May 08 18:59:59 2028
SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Issued to: Jason Pyeron
Issued by: COMODO RSA Code Signing CA
Expires: Wed Sep 16 18:59:59 2015
SHA1 hash: 535A507A767922BE8C9BF959BCD2179DE626AAA4
The signature is timestamped: Tue Dec 30 00:29:01 2014
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: Thu Dec 31 18:59:59 2020
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: Symantec Time Stamping Services CA - G2
Issued by: Thawte Timestamping CA
Expires: Wed Dec 30 18:59:59 2020
SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Issued to: Symantec Time Stamping Services Signer - G4
Issued by: Symantec Time Stamping Services CA - G2
Expires: Tue Dec 29 18:59:59 2020
SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4
Cross Certificate Chain:
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 08:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: AddTrust External CA Root
Issued by: Microsoft Code Verification Root
Expires: Tue Aug 15 15:36:30 2023
SHA1 hash: A75AC657AA7A4CDFE5F9DE393E69EFCAB659D250
Issued to: COMODO RSA Certification Authority
Issued by: AddTrust External CA Root
Expires: Sat May 30 05:48:38 2020
SHA1 hash: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
Issued to: COMODO RSA Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Mon May 08 18:59:59 2028
SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Issued to: Jason Pyeron
Issued by: COMODO RSA Code Signing CA
Expires: Wed Sep 16 18:59:59 2015
SHA1 hash: 535A507A767922BE8C9BF959BCD2179DE626AAA4
Successfully verified: truecrypt.sys
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
bobbarker@bobbarker-PC /cygdrive/c/Users/bobbarker/Desktop
$ ./SignTool.exe verify /kp /v /ph /d truecrypt-x64.sys
Verifying: truecrypt-x64.sys
Hash of file (sha1): 5B9B534E682A8768F404B1A1CBFD9ACC98B8E195
Signing Certificate Chain:
Issued to: AddTrust External CA Root
Issued by: AddTrust External CA Root
Expires: Sat May 30 05:48:38 2020
SHA1 hash: 02FAF3E291435468607857694DF5E45B68851868
Issued to: COMODO RSA Certification Authority
Issued by: AddTrust External CA Root
Expires: Sat May 30 05:48:38 2020
SHA1 hash: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
Issued to: COMODO RSA Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Mon May 08 18:59:59 2028
SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Issued to: Jason Pyeron
Issued by: COMODO RSA Code Signing CA
Expires: Wed Sep 16 18:59:59 2015
SHA1 hash: 535A507A767922BE8C9BF959BCD2179DE626AAA4
The signature is timestamped: Tue Dec 30 00:28:52 2014
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: Thu Dec 31 18:59:59 2020
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: Symantec Time Stamping Services CA - G2
Issued by: Thawte Timestamping CA
Expires: Wed Dec 30 18:59:59 2020
SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Issued to: Symantec Time Stamping Services Signer - G4
Issued by: Symantec Time Stamping Services CA - G2
Expires: Tue Dec 29 18:59:59 2020
SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4
Cross Certificate Chain:
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 08:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: AddTrust External CA Root
Issued by: Microsoft Code Verification Root
Expires: Tue Aug 15 15:36:30 2023
SHA1 hash: A75AC657AA7A4CDFE5F9DE393E69EFCAB659D250
Issued to: COMODO RSA Certification Authority
Issued by: AddTrust External CA Root
Expires: Sat May 30 05:48:38 2020
SHA1 hash: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
Issued to: COMODO RSA Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Mon May 08 18:59:59 2028
SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Issued to: Jason Pyeron
Issued by: COMODO RSA Code Signing CA
Expires: Wed Sep 16 18:59:59 2015
SHA1 hash: 535A507A767922BE8C9BF959BCD2179DE626AAA4
Successfully verified: truecrypt-x64.sys
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
bobbarker@bobbarker-PC /cygdrive/c/Users/bobbarker/Desktop
$
但是当我尝试安装它们时,我得到了错误的错误:
Windows无法验证此文件的数字签名。最近 硬件或软件更改可能已安装已签名的文件 不正确或损坏,或者可能是恶意软件 来源不明。
我有posted the files in question, along with the relevant certs。我使用以下命令创建文件:
for i in *.sys; do
cp "$i" "$i".presignbak && \
/cygdrive/c/WinDDK/7600.16385.1/bin/amd64/SignTool.exe sign /v /ac AddTrust_External_CA_Root-srosssigned-by-Microsoft.crt /f signkey.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll "$i" ;
done
我的cert使用签名算法:sha256WithRSAEncryption
我接下来应该尝试什么?
答案 0 :(得分:3)
事实证明Microsoft does not support SHA-2 for driver signing on Windows 7。
在某些情况下,您可能希望使用两个不同的签名对驱动程序包进行签名。例如,假设您希望您的驱动程序在Windows 7和Windows 8上运行.Windows 8支持使用SHA256散列算法创建的签名,但Windows 7不支持。对于Windows 7,您需要使用SHA1散列算法创建签名。
假设您要构建和签署将在x64硬件平台上的Windows 7和Windows 8上运行的驱动程序包。您可以使用使用SHA1的主要签名对驱动程序包进行签名。然后,您可以附加使用SHA256的辅助签名。您可以对两个签名使用相同的证书,也可以使用单独的证书。以下是使用Visual Studio创建两个签名的步骤。
答案 1 :(得分:0)
可能是您的Windows PC安装的CA根目录与您用来签署的机器相同。校验? 检查证书链中列出的CA是否已正确安装(运行> mmc)您尝试安装的位置。