Version 2 (modified by 8 years ago) (diff) | ,
---|
Introduction
The build instructions for tap-windows6 are available in it's Git repo. This page contains additional information that is more generic and not really suitable for inclusion in the main documentation.
Codesigning
Getting the Authenticode signatures right so that all Windows versions detect them can be quite tricky. This seems to be particularly true for kernel-mode driver packages. This section contains miscellaneous notes about signing driver packages.
Working with certificates and signatures in Powershell
To install a PFX files to the CurrentUser? certificate store:
Import-PfxCertificate –FilePath <path-to-pfx> cert:\CurrentUser\My -Password (ConvertTo-SecureString -String "mypassword" -Force –AsPlainText)
To verify the Authenticode signature of a file:
Get-AuthenticodeSignature <path-to-file>
Note that even if the above command says that the file's certificate is valid, there is absolutely no guarantee that various Windows versions will accept it. It is unclear whether the Cmdlet checks the entire certificate path or not: it does hang for long periods of time occasionally doing something.
Using Signtool.exe
Verifying the signature of a driver package using Signtool.exe:
signtool verify /v /kp /c tap0901.cat tap901.sys
This command should produce more useful results than the Get-AuthenticodeSignature? Cmdlet.