| 1 | | Build instructions for tap-windows6 [https://github.com/OpenVPN/tap-windows6/blob/master/README.rst are available] in it's Git repo. |
| | 1 | = Introduction = |
| | 2 | |
| | 3 | The build instructions for tap-windows6 [https://github.com/OpenVPN/tap-windows6/blob/master/README.rst are available] in it's Git repo. This page contains additional information that is more generic and not really suitable for inclusion in the main documentation. |
| | 4 | |
| | 5 | = Codesigning = |
| | 6 | |
| | 7 | Getting the [https://msdn.microsoft.com/en-us/library/windows/hardware/ff686697%28v=vs.85%29.aspx Authenticode signatures] right so that all Windows versions detect them can be quite tricky. This seems to be particularly true for kernel-mode driver packages. This section contains miscellaneous notes about signing driver packages. |
| | 8 | |
| | 9 | == Working with certificates and signatures in Powershell == |
| | 10 | |
| | 11 | To install a PFX files to the CurrentUser certificate store: |
| | 12 | {{{ |
| | 13 | Import-PfxCertificate –FilePath <path-to-pfx> cert:\CurrentUser\My -Password (ConvertTo-SecureString -String "mypassword" -Force –AsPlainText) |
| | 14 | }}} |
| | 15 | |
| | 16 | To verify the Authenticode signature of a file: |
| | 17 | |
| | 18 | {{{ |
| | 19 | Get-AuthenticodeSignature <path-to-file> |
| | 20 | }}} |
| | 21 | Note that even if the above command says that the file's certificate is valid, there is absolutely no guarantee that various Windows versions will accept it. It is unclear whether the Cmdlet checks the entire certificate path or not: it does hang for long periods of time occasionally doing ''something''. |
| | 22 | |
| | 23 | == Using Signtool.exe == |
| | 24 | |
| | 25 | Verifying the signature of a driver package using Signtool.exe: |
| | 26 | {{{ |
| | 27 | signtool verify /v /kp /c tap0901.cat tap901.sys |
| | 28 | }}} |
| | 29 | This command should produce more useful results than the Get-AuthenticodeSignature Cmdlet. |
