使用十字符号签名

时间:2018-10-25 13:38:59

标签: windows kernel driver code-signing-certificate

为什么签名有效,但签名验证无效?

  

signtool标志/ v / ac comodorsacertificationauthority_kmod.crt / tr http://timestamp.comodoca.com/rfc3161 mydriver.sys

The following certificate was selected:
    Issued to: Company, Inc
    Issued by: COMODO RSA Extended Validation Code Signing CA
    Expires:   >..
    SHA1 hash: ....

Cross certificate chain (using machine store):
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 16:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: COMODO RSA Certification Authority
        Issued by: Microsoft Code Verification Root
        Expires:   Mon Apr 12 01:16:20 2021
        SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38

            Issued to: COMODO RSA Extended Validation Code Signing CA
            Issued by: COMODO RSA Certification Authority
            Expires:   Mon Dec 03 02:59:59 2029
            SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7

                Issued to: Company, Inc
                Issued by: COMODO RSA Extended Validation Code Signing CA
                Expires:   ...
                SHA1 hash: ...

Done Adding Additional Store Successfully signed: mydriver.sys
  

signtool验证/ v / kp mydriver.sys

     

签名索引:0(主签名)       文件哈希(sha1):1EDBB6F9354413D1B0F1696BF713281954F75130

Signing Certificate Chain:
    Issued to: COMODO RSA Certification Authority
    Issued by: COMODO RSA Certification Authority
    Expires:   Tue Jan 19 02:59:59 2038
    SHA1 hash: AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4

        Issued to: COMODO RSA Extended Validation Code Signing CA
        Issued by: COMODO RSA Certification Authority
        Expires:   Mon Dec 03 02:59:59 2029
        SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7

            Issued to: MyCompany, Inc
            Issued by: COMODO RSA Extended Validation Code Signing CA
            Expires:   ...
            SHA1 hash: ...

The signature is timestamped: Thu Oct 25 16:17:01 2018
Timestamp Verified by:
    Issued to: UTN-USERFirst-Object
    Issued by: UTN-USERFirst-Object
    Expires:   Tue Jul 09 21:40:36 2019
    SHA1 hash: E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46

        Issued to: COMODO SHA-1 Time Stamping Signer
        Issued by: UTN-USERFirst-Object
        Expires:   Tue Jul 09 21:40:36 2019
        SHA1 hash: 03A5B14663EB12023091B84A6D6A68BC871DE66B

SignTool Error: A certificate chain processed, but terminated in a root
    certificate which is not trusted by the trust provider.

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1

1 个答案:

答案 0 :(得分:0)

也许您应该使用验证/ ds 1 / v? / ds 1是索引1,而不是0? https://docs.microsoft.com/en-US/dotnet/framework/tools/signtool-exe