Changes between Version 3 and Version 4 of BuildingTapWindows6


Ignore:
Timestamp:
04/19/16 09:30:48 (6 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • BuildingTapWindows6

    v3 v4  
    4545'''NOTE:''' According to Microsoft Inf2Cat requires a full path to the driver directory.
    4646
    47 == Adding signatures using signtool.exe ==
     47== Signing files with signtool.exe ==
    4848
    49 Adding a signature using a (non-EV) certificate stored in a pfx file. This bypasses the Windows certificate store entirely, thus simplifying things a bit:
    50 
     49Sign a file using a (non-EV) certificate stored in a pfx file. Note that this process is not suitable for EV certificates, which are probably all stored in some sort of dongle and thus only visible through the Windows Certificate Store:
    5150{{{
    52 signtool.exe sign /v /ac <cross-certificate> /t <timestamp-url> /f <pfx-file> /p <pfx-password> <drivername>.cat
     51signtool.exe sign /v /ac <cross-certificate> /t <timestamp-url> /f <pfx-file> /p <pfx-password> <file>
    5352}}}
    54 Example:
     53Sign a driver with the "best" certificate found from the certificate store. This should work if there is only code-signing certificate in the store:
    5554{{{
    56 signtool sign /v /ac digicert-cross-cert.crt /t http://timestamp.digicert.com /f kernel-mode.pfx /p <password> tap6/amd64/tap0901.cat
     55signtool.exe sign /v /ac <cross-certificate> /t <timestamp-url> /a <file>
     56}}}
     57Sign a driver using a certificate under ''Currentuser\My'', selecting the right certificate based on a substring of the certificate's subjectname:
     58{{{
     59signtool.exe sign /v /ac <cross-certificate> /t <timestamp-url> /s My -n <subjectname> <file>
     60}}}
     61Examples:
     62{{{
     63signtool.exe sign /v /ac digicert-cross-cert.crt /t http://timestamp.digicert.com /f kernel-mode.pfx /p <password> tap6/amd64/tap0901.cat
     64signtool.exe sign /v /ac digicert-cross-cert.crt /t http://timestamp.digicert.com /s My -n <subjectname> tap6/amd64/tap0901.cat
    5765}}}
    5866