Changes between Version 1 and Version 2 of BuildingTapWindows6


Ignore:
Timestamp:
04/19/16 09:02:57 (6 years ago)
Author:
Samuli Seppänen
Comment:

Add some notes regarding codesigning

Legend:

Unmodified
Added
Removed
Modified
  • BuildingTapWindows6

    v1 v2  
    1 Build instructions for tap-windows6 [https://github.com/OpenVPN/tap-windows6/blob/master/README.rst are available] in it's Git repo.
     1= Introduction =
     2
     3The build instructions for tap-windows6 [https://github.com/OpenVPN/tap-windows6/blob/master/README.rst are available] in it's Git repo. This page contains additional information that is more generic and not really suitable for inclusion in the main documentation.
     4
     5= Codesigning =
     6
     7Getting the [https://msdn.microsoft.com/en-us/library/windows/hardware/ff686697%28v=vs.85%29.aspx Authenticode signatures] right so that all Windows versions detect them can be quite tricky. This seems to be particularly true for kernel-mode driver packages. This section contains miscellaneous notes about signing driver packages.
     8
     9== Working with certificates and signatures in Powershell ==
     10
     11To install a PFX files to the CurrentUser certificate store:
     12{{{
     13Import-PfxCertificate –FilePath <path-to-pfx> cert:\CurrentUser\My -Password (ConvertTo-SecureString -String "mypassword" -Force –AsPlainText)
     14}}}
     15
     16To verify the Authenticode signature of a file:
     17
     18{{{
     19Get-AuthenticodeSignature <path-to-file>
     20}}}
     21Note that even if the above command says that the file's certificate is valid, there is absolutely no guarantee that various Windows versions will accept it. It is unclear whether the Cmdlet checks the entire certificate path or not: it does hang for long periods of time occasionally doing ''something''.
     22
     23== Using Signtool.exe ==
     24
     25Verifying the signature of a driver package using Signtool.exe:
     26{{{
     27signtool verify /v /kp /c tap0901.cat tap901.sys
     28}}}
     29This command should produce more useful results than the Get-AuthenticodeSignature Cmdlet.