4 Replies - 7092 Views - Last Post: 30 June 2012 - 06:33 AM

#1 red_4900

Code/driver signing

Posted 29 June 2012 - 06:46 AM

Hi guys. :)

I don't know where this belongs, since this actually falls under Windows development..

I am a bit confused here regarding signing and digital certificates. Please correct me if I am wrong.

1) There are two types of signing: code signing and driver signing. Drivers must do the latter, while end-user software only needs to do the code signing.
2) Driver signing requires a digital certificate from a CA (VeriSign, GlobalSign). While for code signing, we can generate our own certificate using our own generated public key.

Did I understand things correctly?


Replies To: Code/driver signing

#2 Momerath

Re: Code/driver signing

Posted 29 June 2012 - 04:05 PM

You can sign with either a self-generated key or one from a certificate authority for either. Users will make the choice of accepting your certificate but if you use self-generated, it won't show as a valid certificate unless they accept it into the local CA.

If you are writing code to be used by random people outside of your business, you'd be better off getting one from a global CA.
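The difference Momerath describes between a self-generated certificate and one the machine has accepted, shown as an added example that is not part of the original thread. It signs a throwaway PowerShell script rather than a driver package, and the subject name and temp file names are constructed placeholders.

```powershell
# Added example, not code from the thread. Run in a non-elevated session
# on a test machine; the subject name and file names are placeholders.
$ErrorActionPreference = 'Stop'

# 1. Create a self-signed code-signing certificate in the user's store.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Example Test Signing' `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. Sign a throwaway script with it.
$target = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $target -Value 'Write-Output "hello"'
Set-AuthenticodeSignature -FilePath $target -Certificate $cert | Out-Null

# 3. Check the signature while the certificate is not trusted locally.
$before = Get-AuthenticodeSignature -FilePath $target
'Before trust: {0} - {1}' -f $before.Status, $before.StatusMessage

# 4. Accept the certificate into the user's trusted root store.
#    Windows asks for confirmation before adding a root certificate.
$cer = Join-Path $env:TEMP 'signing-demo.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
$root = Import-Certificate -FilePath $cer `
    -CertStoreLocation Cert:\CurrentUser\Root

# 5. Same file and same signature; only the local trust decision changed.
$after = Get-AuthenticodeSignature -FilePath $target
'After trust:  {0} - {1}' -f $after.Status, $after.StatusMessage

# 6. Remove the test certificate from both stores and delete the files.
Remove-Item "Cert:\CurrentUser\Root\$($root.Thumbprint)"
Remove-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)"
Remove-Item $target, $cer
```

Every other machine would need the same import in step 4 before it reports the signature as trusted, which is the practical cost of a self-generated certificate compared with one issued by a public CA.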

#3 red_4900

Re: Code/driver signing

Posted 30 June 2012 - 04:57 AM

So, we are actually free to use either certificate?

Here's my situation. I'm using an FTDI driver, which is already signed by Microsoft. But the .inf is edited to cater for our hardware needs, so the signature verification failed during the installation.

Now, do I sign the edited .inf with a self-generated key or using the one from a CA? What are the pros/cons of the two? When is it compulsory to use the one from a CA?

Sorry, I tried to google about this, but I couldn't get any straight answer..

#4 GunnerInc

Re: Code/driver signing

Posted 30 June 2012 - 06:10 AM

You cannot self sign a driver. Think about it, if self signing a driver was allowed, virus and malware would have a field day with the OS!

You also need to cross sign the driver with a MS cert. When you get your cert from a CA, you can also get the cross signing cert from them.

I sure as hell wouldn't want/allow a self signed driver anywhere near my computer.

On the ini. No you cannot sign a text file.

Sure the certs are expensive but that is to keep the riffraff from getting them. Look around for deals, I caught a great deal a few years ago and couldn't turn it down.

#5 red_4900

Re: Code/driver signing

Posted 30 June 2012 - 06:33 AM

Actually my company does have the cert from the CA, although I don't know who holds that currently.. :P

Okay, I can't sign the .inf file. So, I need to sign the install file instead? (the .exe file) Do I need to sign the install file using the cert from the CA, or can I just sign it using our own cert? The underlying driver is already signed by Microsoft anyway.