Prev: WinUsb and WHQL signing
Next: USB device emulation
From: Denis on 5 Nov 2009 11:40 This is my understanding so far, feel free to correct me if I am wrong. Looking at my issue and others similar to mine as well as all the documentation I read so far. That is in the context of 64 Bit Vista/7 The Logo certification is not mandatory in order to load a USB driver. In order to load the package must be signed with a KMCS signature. The KMCS signature is made based on a certification purchased from an authorized CA vendor, and a Cross Certificate obtain found at: http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx Must also use the signtool provided in the latest WDK (such as WDK 7600.16385.0) Now my situation and dilemma is at this point: I have bought a VeriSign Authenticode certification. Convert and import my spc file in my personal store. Now when I try to sign my driver I am getting this error. SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "DATAWIND NET ACCESS CORPORATION" /t http://timestamp.verisign.com/scripts/timestamp.dll MyUsb.sys The following certificate was selected: Issued to: DATAWIND NET ACCESS CORPORATION Issued by: VeriSign Class 3 Code Signing 2009-2 CA Expires: Wed Sep 22 18:59:59 2010 SHA1 hash: 196399AA62717B1430405533474B44BDFD13C947 SignTool Error: An unexpected internal error has occurred. Error information: "CryptQueryObject" (-2147024893/0x80070003) I am stuck help if you please? Denis
From: Gianluca Varenni on 6 Nov 2009 01:07 I would probably try removing the cross-signing (/ac c:\verisign\mscv-vsclass3.cer) and the timestamping (/t http....) and see if still fails. And then add those two parameters one by one. Just my two cents GV "Denis @ TheOffice" <denisco(a)ica.net> wrote in message news:%23X9r$ajXKHA.408(a)TK2MSFTNGP04.phx.gbl... > This is my understanding so far, feel free to correct me if I am wrong. > Looking at my issue and others similar to mine as well as all the > documentation I read so far. > That is in the context of 64 Bit Vista/7 > > The Logo certification is not mandatory in order to load a USB driver. > In order to load the package must be signed with a KMCS signature. > > The KMCS signature is made based on a certification purchased from an > authorized CA vendor, > and a Cross Certificate obtain found at: > http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx > > Must also use the signtool provided in the latest WDK (such as WDK > 7600.16385.0) > > Now my situation and dilemma is at this point: > I have bought a VeriSign Authenticode certification. > Convert and import my spc file in my personal store. > > Now when I try to sign my driver I am getting this error. > > SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "DATAWIND NET > ACCESS CORPORATION" > /t http://timestamp.verisign.com/scripts/timestamp.dll MyUsb.sys > The following certificate was selected: > Issued to: DATAWIND NET ACCESS CORPORATION > Issued by: VeriSign Class 3 Code Signing 2009-2 CA > Expires: Wed Sep 22 18:59:59 2010 > SHA1 hash: 196399AA62717B1430405533474B44BDFD13C947 > > SignTool Error: An unexpected internal error has occurred. > Error information: "CryptQueryObject" (-2147024893/0x80070003) > > > I am stuck help if you please? > Denis > >
From: David Craig on 6 Nov 2009 01:51 Main batch file: call signem.bat objchk_win7_amd64\amd64 7_X64,Vista_X64,XP_X64 call signem.bat objfre_win7_amd64\amd64 7_X64,Vista_X64,XP_X64 call signem.bat objchk_win7_x86\i386 7_X86,Vista_X86,XP_X86 call signem.bat objfre_win7_x86\i386 7_X86,Vista_X86,XP_X86 signem.bat: @echo off set PATH=%PATH%;c:\WINDDK\7600.16385.0\bin\x86;c:\WINDDK\7600.16385.0\bin\SelfSign inf2cat /drv:%1 /os:%2 /verbose @echo **************************************************************** @echo * Signing catalog files * @echo **************************************************************** for /r %1 %%I in (*.cat *.sys) do ( @echo signing %%I signtool sign /v /ac C:\Depot\dk\win\verisign\MSCV-VSClass3.cer /s my /n "My Company" /t http://timestamp.verisign.com/scripts/timestamp.dll %%I ) I don't see any attempt to sign or create a cat file. It does a lot of checking in the inf2cat program that may catch some errors in the inf. "Gianluca Varenni" <gianluca.varenni(a)community.nospam> wrote in message news:%23QgmudqXKHA.4688(a)TK2MSFTNGP06.phx.gbl... >I would probably try removing the cross-signing (/ac >c:\verisign\mscv-vsclass3.cer) and the timestamping (/t http....) and see >if still fails. And then add those two parameters one by one. > > Just my two cents > GV > > "Denis @ TheOffice" <denisco(a)ica.net> wrote in message > news:%23X9r$ajXKHA.408(a)TK2MSFTNGP04.phx.gbl... >> This is my understanding so far, feel free to correct me if I am wrong. >> Looking at my issue and others similar to mine as well as all the >> documentation I read so far. >> That is in the context of 64 Bit Vista/7 >> >> The Logo certification is not mandatory in order to load a USB driver. >> In order to load the package must be signed with a KMCS signature. >> >> The KMCS signature is made based on a certification purchased from an >> authorized CA vendor, >> and a Cross Certificate obtain found at: >> http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx >> >> Must also use the signtool provided in the latest WDK (such as WDK >> 7600.16385.0) >> >> Now my situation and dilemma is at this point: >> I have bought a VeriSign Authenticode certification. >> Convert and import my spc file in my personal store. >> >> Now when I try to sign my driver I am getting this error. >> >> SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "DATAWIND NET >> ACCESS CORPORATION" >> /t http://timestamp.verisign.com/scripts/timestamp.dll MyUsb.sys >> The following certificate was selected: >> Issued to: DATAWIND NET ACCESS CORPORATION >> Issued by: VeriSign Class 3 Code Signing 2009-2 CA >> Expires: Wed Sep 22 18:59:59 2010 >> SHA1 hash: 196399AA62717B1430405533474B44BDFD13C947 >> >> SignTool Error: An unexpected internal error has occurred. >> Error information: "CryptQueryObject" (-2147024893/0x80070003) >> >> >> I am stuck help if you please? >> Denis >> >> > >
From: Gianluca Varenni on 6 Nov 2009 12:43 The OP is actually trying to sign the sys file itself, so inf2cat is not involved in this case. GV "David Craig" <drivers(a)nospam.nospam> wrote in message news:O4vMh2qXKHA.4688(a)TK2MSFTNGP06.phx.gbl... > Main batch file: > call signem.bat objchk_win7_amd64\amd64 7_X64,Vista_X64,XP_X64 > call signem.bat objfre_win7_amd64\amd64 7_X64,Vista_X64,XP_X64 > call signem.bat objchk_win7_x86\i386 7_X86,Vista_X86,XP_X86 > call signem.bat objfre_win7_x86\i386 7_X86,Vista_X86,XP_X86 > > signem.bat: > @echo off > set > PATH=%PATH%;c:\WINDDK\7600.16385.0\bin\x86;c:\WINDDK\7600.16385.0\bin\SelfSign > inf2cat /drv:%1 /os:%2 /verbose > > @echo **************************************************************** > @echo * Signing catalog files * > @echo **************************************************************** > for /r %1 %%I in (*.cat *.sys) do ( > @echo signing %%I > signtool sign /v /ac C:\Depot\dk\win\verisign\MSCV-VSClass3.cer /s my > /n "My Company" /t http://timestamp.verisign.com/scripts/timestamp.dll %%I > ) > > > I don't see any attempt to sign or create a cat file. It does a lot of > checking in the inf2cat program that may catch some errors in the inf. > > > "Gianluca Varenni" <gianluca.varenni(a)community.nospam> wrote in message > news:%23QgmudqXKHA.4688(a)TK2MSFTNGP06.phx.gbl... >>I would probably try removing the cross-signing (/ac >>c:\verisign\mscv-vsclass3.cer) and the timestamping (/t http....) and see >>if still fails. And then add those two parameters one by one. >> >> Just my two cents >> GV >> >> "Denis @ TheOffice" <denisco(a)ica.net> wrote in message >> news:%23X9r$ajXKHA.408(a)TK2MSFTNGP04.phx.gbl... >>> This is my understanding so far, feel free to correct me if I am wrong. >>> Looking at my issue and others similar to mine as well as all the >>> documentation I read so far. >>> That is in the context of 64 Bit Vista/7 >>> >>> The Logo certification is not mandatory in order to load a USB driver. >>> In order to load the package must be signed with a KMCS signature. >>> >>> The KMCS signature is made based on a certification purchased from an >>> authorized CA vendor, >>> and a Cross Certificate obtain found at: >>> http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx >>> >>> Must also use the signtool provided in the latest WDK (such as WDK >>> 7600.16385.0) >>> >>> Now my situation and dilemma is at this point: >>> I have bought a VeriSign Authenticode certification. >>> Convert and import my spc file in my personal store. >>> >>> Now when I try to sign my driver I am getting this error. >>> >>> SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "DATAWIND >>> NET ACCESS CORPORATION" >>> /t http://timestamp.verisign.com/scripts/timestamp.dll MyUsb.sys >>> The following certificate was selected: >>> Issued to: DATAWIND NET ACCESS CORPORATION >>> Issued by: VeriSign Class 3 Code Signing 2009-2 CA >>> Expires: Wed Sep 22 18:59:59 2010 >>> SHA1 hash: 196399AA62717B1430405533474B44BDFD13C947 >>> >>> SignTool Error: An unexpected internal error has occurred. >>> Error information: "CryptQueryObject" (-2147024893/0x80070003) >>> >>> >>> I am stuck help if you please? >>> Denis >>> >>> >> >> > >
From: David Craig on 6 Nov 2009 14:16
Yes, I saw that but since I KNOW that doing the inf and cat signing works, maybe it is just a good idea to do it all and take what you need. The batch files I use do both - note the 'for' loop. "Gianluca Varenni" <gianluca.varenni(a)community.nospam> wrote in message news:etkJwiwXKHA.5368(a)TK2MSFTNGP02.phx.gbl... > The OP is actually trying to sign the sys file itself, so inf2cat is not > involved in this case. > > GV > > "David Craig" <drivers(a)nospam.nospam> wrote in message > news:O4vMh2qXKHA.4688(a)TK2MSFTNGP06.phx.gbl... >> Main batch file: >> call signem.bat objchk_win7_amd64\amd64 7_X64,Vista_X64,XP_X64 >> call signem.bat objfre_win7_amd64\amd64 7_X64,Vista_X64,XP_X64 >> call signem.bat objchk_win7_x86\i386 7_X86,Vista_X86,XP_X86 >> call signem.bat objfre_win7_x86\i386 7_X86,Vista_X86,XP_X86 >> >> signem.bat: >> @echo off >> set >> PATH=%PATH%;c:\WINDDK\7600.16385.0\bin\x86;c:\WINDDK\7600.16385.0\bin\SelfSign >> inf2cat /drv:%1 /os:%2 /verbose >> >> @echo **************************************************************** >> @echo * Signing catalog files * >> @echo **************************************************************** >> for /r %1 %%I in (*.cat *.sys) do ( >> @echo signing %%I >> signtool sign /v /ac C:\Depot\dk\win\verisign\MSCV-VSClass3.cer /s my >> /n "My Company" /t http://timestamp.verisign.com/scripts/timestamp.dll >> %%I >> ) >> >> >> I don't see any attempt to sign or create a cat file. It does a lot of >> checking in the inf2cat program that may catch some errors in the inf. >> >> >> "Gianluca Varenni" <gianluca.varenni(a)community.nospam> wrote in message >> news:%23QgmudqXKHA.4688(a)TK2MSFTNGP06.phx.gbl... >>>I would probably try removing the cross-signing (/ac >>>c:\verisign\mscv-vsclass3.cer) and the timestamping (/t http....) and see >>>if still fails. And then add those two parameters one by one. >>> >>> Just my two cents >>> GV >>> >>> "Denis @ TheOffice" <denisco(a)ica.net> wrote in message >>> news:%23X9r$ajXKHA.408(a)TK2MSFTNGP04.phx.gbl... >>>> This is my understanding so far, feel free to correct me if I am wrong. >>>> Looking at my issue and others similar to mine as well as all the >>>> documentation I read so far. >>>> That is in the context of 64 Bit Vista/7 >>>> >>>> The Logo certification is not mandatory in order to load a USB driver. >>>> In order to load the package must be signed with a KMCS signature. >>>> >>>> The KMCS signature is made based on a certification purchased from an >>>> authorized CA vendor, >>>> and a Cross Certificate obtain found at: >>>> http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx >>>> >>>> Must also use the signtool provided in the latest WDK (such as WDK >>>> 7600.16385.0) >>>> >>>> Now my situation and dilemma is at this point: >>>> I have bought a VeriSign Authenticode certification. >>>> Convert and import my spc file in my personal store. >>>> >>>> Now when I try to sign my driver I am getting this error. >>>> >>>> SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "DATAWIND >>>> NET ACCESS CORPORATION" >>>> /t http://timestamp.verisign.com/scripts/timestamp.dll MyUsb.sys >>>> The following certificate was selected: >>>> Issued to: DATAWIND NET ACCESS CORPORATION >>>> Issued by: VeriSign Class 3 Code Signing 2009-2 CA >>>> Expires: Wed Sep 22 18:59:59 2010 >>>> SHA1 hash: 196399AA62717B1430405533474B44BDFD13C947 >>>> >>>> SignTool Error: An unexpected internal error has occurred. >>>> Error information: "CryptQueryObject" (-2147024893/0x80070003) >>>> >>>> >>>> I am stuck help if you please? >>>> Denis >>>> >>>> >>> >>> >> >> > > |