双签名.cat文件的错误为“主题中没有签名”。 [英] Dual-sign .cat file has error "No signature was present in the subject"
问题描述
我正在使用以下命令行(使用从Symantec购买的证书对驱动程序的Windows .sys和.cat文件进行双重签名(sys和cat文件都使用相同的选项签名):
I'm dual-signing a windows .sys and .cat files for a driver using a certificate purchased from Symantec with the following command lines (the sys and cat files are both signed with the same options):
signtool.exe标志/ v / ph / n MyCorp / ac C:\Signing\VeriSign Class 3 Public Primary Certification Authority-G5。 cer / i VeriSign 3类代码签名2010 CA / t http://timestamp.verisign.com/scripts/timstamp.dll MyDriver.cat
signtool.exe标志/ v / ph / n MyCorp / ac C:\Signing\VeriSign Class 3 Public Primary Certification Authority-G5.cer / i Symantec 3类SHA256代码签名CA / tr http://timestamp.geotrust.com/tsa / as / fd sha256 / td sha256 MyDriver.cat
Signtool.exe退出时报告成功。当我通过右键单击签名文件,选择属性并转到数字签名选项卡来查看签名时,我会看到两个签名。 sha1签名似乎不错。当我查看.sys文件上的sha256证书的详细信息时,一切看起来都很好。但是,当我在.cat文件上查看sha256证书的详细信息时,会看到以下错误:
Signtool.exe reports success when it exits. When I view the signatures by right clicking the signed files, choosing Properties, go to Digital Signatures tab, then I see the two signatures. The sha1 signature seems fine. When I view the details of the sha256 certificate on the .sys file, everything looks good. But, when I view the details of the sha256 certificate on the .cat file, I see the following error:
驱动程序不会安装在我配置为认为SHA1在2015年1月1日(而不是它们到期的实际日期,即2016年1月1日)的Window7盒上)。
The driver won't install on a Window7 box that I configured to believe SHA1 was deprecated on 1st January 2015 (rather than the real date when they expire which is 1st Jan 2016).
我在 msdn页面说:
请注意,只有.sys文件可以被双重签名,因为它们是PE
文件。
Note that only .sys files can be dual signed because they are PE files.
引用试图以a回绕的方式说不能对.cat文件进行双重签名?
Is that quote trying to say in a roundabout way that .cat files cannot be dual signed?
应如何对cat文件进行签名,以便它们可以在所有版本上安装
How should cat files be signed so that they will install on all versions of windows?
推荐答案
.cat文件似乎无法进行双重签名。
我的解决方案是使用SHA256证书对.cat文件进行签名,但使用signtool命令行选项创建SHA1签名。
与驱动程序关联的.sys文件仍然可以进行双重签名。
这似乎可以在我需要的所有情况下使用。
It does seem that .cat files cannot be dual signed. My solution was to sign the .cat file using a SHA256 certificate, but with signtool command line options to create a SHA1 signature. The .sys file associated with the driver I was still able to dual sign. This seems to be working in all the scenarios I need.
这篇关于双签名.cat文件的错误为“主题中没有签名”。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
