From: John Bond on
David and Tim, thanks for the additional input. I have looked at the
"AudioCodes, Inc." certificate that I have in my Personal store. I think it
is in my personal store, it can be seen via Internet Explorer: I click Tools
| Internet Options | Certificates | Other People tab | AudioCodes, Inc.
Within the certificate the Issuer is "VeriSign Class 3 Code Signing 2004 CA".
Under Enhanced Key Usage the value is "Code Signing (1.3.6.1.5.5.7.3.3). Is
there anything else I should check?

Yes, I did download the cross cert from Microsoft's page and unzipped on my
computer. The comamnd line references that .cer file. Is there something I
can do to verify that file?

I am stuck because very little of this process is clear in the docs or
examples. Is the AudioCodes, Inc. certificate in my "Personal" store even
though I have to click on the "Other People" tab in the Certificates window?

Thanks in advance. When we get this step of the process nailed down, the
release guy will codify it in batch scripts, etc., and we will be ready to go
with our push to a 64-bit driver.
--
Mr. Fixit needs your help! - John Bond , LLC


"David Craig" wrote:

> That is true, Tim. I also discovered that you can use Internet Exploder to
> view all the certificates and kill old certs. That should help him validate
> the name string. I suspect it is also case-sensitive, but I got the batch
> file from someone who had it working.
>
> "Tim Roberts" <timr(a)probo.com> wrote in message
> news:8a45e593jffak92j72ng752od61map2981(a)4ax.com...
> > John Bond <johnbond(a)newsgroup.nospam> wrote:
> >>
> >>SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "AudioCodes,
> >>Inc." /t http://timestamp.verisign.com/scripts/timestamp.dll
> >>SmartWORKSDriver.sys
> >>
> >>Is giving the following error message:
> >>
> >>SignTool Error: No certificates were found that met all the given
> >>criteria.
> >>
> >>Number of files successfully Signed: 0
> >>Number of warnings: 0
> >>Number of errors: 1
> >>
> >>Is the .cer file found at:
> >>http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx
> >>the appropriate one to use? Or should I use the .cer I can export out of
> >>my
> >>certificate store?
> >
> > You must use the cross-certificate from Microsoft. That, of course,
> > assumes that you really do have a Verisign class 3 code-signing
> > certificate
> > in your certificate store with the name "AudioCodes, Inc.". The string
> > must match exactly.
> > --
> > Tim Roberts, timr(a)probo.com
> > Providenza & Boekelheide, Inc.

From: Tim Roberts on
John Bond <johnbond(a)newsgroup.nospam> wrote:
>
>David, are you saying that I cannot use KMDF 1.7 (WDK 6001.18002) and its
>signtool and inf2cat to produce 64-bit loadable drivers?

No, they work fine.

>If so I will upgrade to 7.0.0 WDK (KMDF 1.9??). (Did 7.0.0 reach released
>status recently? I must have had my head buried too deeply in the sand.)

Yes, it's been available for some time.
--
Tim Roberts, timr(a)probo.com
Providenza & Boekelheide, Inc.
From: Tim Roberts on
John Bond <johnbond(a)newsgroup.nospam> wrote:
>
>David and Tim, thanks for the additional input. I have looked at the
>"AudioCodes, Inc." certificate that I have in my Personal store. I think it
>is in my personal store, it can be seen via Internet Explorer: I click Tools
>| Internet Options | Certificates | Other People tab | AudioCodes, Inc.
>Within the certificate the Issuer is "VeriSign Class 3 Code Signing 2004 CA".
> Under Enhanced Key Usage the value is "Code Signing (1.3.6.1.5.5.7.3.3). Is
>there anything else I should check?

How did you install the certificate? Your signtool command line says it's
in the "My" store. Is that how you installed it? Can you find it in
certmgr.msc?
--
Tim Roberts, timr(a)probo.com
Providenza & Boekelheide, Inc.
From: John Bond on

"Tim Roberts" wrote:

> John Bond <johnbond(a)newsgroup.nospam> wrote:
> >
> >David and Tim, thanks for the additional input. I have looked at the
> >"AudioCodes, Inc." certificate that I have in my Personal store. I think it
> >is in my personal store, it can be seen via Internet Explorer: I click Tools
> >| Internet Options | Certificates | Other People tab | AudioCodes, Inc.
> >Within the certificate the Issuer is "VeriSign Class 3 Code Signing 2004 CA".
> > Under Enhanced Key Usage the value is "Code Signing (1.3.6.1.5.5.7.3.3). Is
> >there anything else I should check?
>
> How did you install the certificate? Your signtool command line says it's
> in the "My" store. Is that how you installed it? Can you find it in
> certmgr.msc?
> --
> Tim Roberts, timr(a)probo.com
> Providenza & Boekelheide, Inc.
> .
>

Tim, I installed it by double cliking the .pfx file, which brings up the
Certificate Import Wizard. I specified the Personal store and when done it
told me the import was successful. I just tried it again and this time it
asked for the password, which it had not before (why? I must have done
something slightly differently). Now I entered the pw and set the strong
protection (get user verification if an app tries to use it). It notified me
of the extra protection and told me the import was successful. I will try
the signing, again...

Interesting, now the batch file hangs after printing "Attempting to
sign:SwrxDriver.sys". So now it finds the proper store, but as the app tries
to do the deed, it is awaiting my verification, but I see no pop-up..... ahhh
now there is a pop-up. That took a while.

Cool, Tim, I now have a signed SwrxDriver.sys. What would have caused the
first install of the certificate to have put in something besides the private
key and tell me that the import was successful? I had two other people
looking over my shoulder to verify that I was following the directions.

Anyway, thanks Tim! for asking the correct questions and getting me to go
down the correct road. Perhaps the documentation needs to tell people to
expect those extra steps of entering the password...

I think we are done here. -John Bond


From: Tim Roberts on
John Bond <johnbond(a)newsgroup.nospam> wrote:
>
>Cool, Tim, I now have a signed SwrxDriver.sys. What would have caused the
>first install of the certificate to have put in something besides the private
>key and tell me that the import was successful? I had two other people
>looking over my shoulder to verify that I was following the directions.

Digital signing is a maze of twisty passages, all alike. There's a fair
amount of shooting in the dark to get to the first success, and after that
you just follow the same recipe until the end of time.
--
Tim Roberts, timr(a)probo.com
Providenza & Boekelheide, Inc.