Информация об изменениях

Сообщение Подписи драйверов от 25.10.2018 13:22

Изменено 25.10.2018 13:52 _NN_

Подписи драйверов
Пытаюсь провести кросс-подпись драйвера.
Вроде как работает отлично:

>signtool sign /v /ac comodorsacertificationauthority_kmod.crt /tr http://timestamp.comodoca.com/rfc3161 mydriver.sys

The following certificate was selected:
    Issued to: Company, Inc
    Issued by: COMODO RSA Extended Validation Code Signing CA
    Expires:   >..
    SHA1 hash: ....

Cross certificate chain (using machine store):
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 16:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: COMODO RSA Certification Authority
        Issued by: Microsoft Code Verification Root
        Expires:   Mon Apr 12 01:16:20 2021
        SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38

            Issued to: COMODO RSA Extended Validation Code Signing CA
            Issued by: COMODO RSA Certification Authority
            Expires:   Mon Dec 03 02:59:59 2029
            SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7

                Issued to: Company, Inc
                Issued by: COMODO RSA Extended Validation Code Signing CA
                Expires:   ...
                SHA1 hash: ...

Done Adding Additional Store
Successfully signed: mydriver.sys


А signtool verify не проходит

>signtool verify  /v  /kp  mydriver.sys

Signature Index: 0 (Primary Signature)
Hash of file (sha1): 1EDBB6F9354413D1B0F1696BF713281954F75130

Signing Certificate Chain:
    Issued to: COMODO RSA Certification Authority
    Issued by: COMODO RSA Certification Authority
    Expires:   Tue Jan 19 02:59:59 2038
    SHA1 hash: AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4

        Issued to: COMODO RSA Extended Validation Code Signing CA
        Issued by: COMODO RSA Certification Authority
        Expires:   Mon Dec 03 02:59:59 2029
        SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7

            Issued to: MyCompany, Inc
            Issued by: COMODO RSA Extended Validation Code Signing CA
            Expires:   ...
            SHA1 hash: ...

The signature is timestamped: Thu Oct 25 16:17:01 2018
Timestamp Verified by:
    Issued to: UTN-USERFirst-Object
    Issued by: UTN-USERFirst-Object
    Expires:   Tue Jul 09 21:40:36 2019
    SHA1 hash: E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46

        Issued to: COMODO SHA-1 Time Stamping Signer
        Issued by: UTN-USERFirst-Object
        Expires:   Tue Jul 09 21:40:36 2019
        SHA1 hash: 03A5B14663EB12023091B84A6D6A68BC871DE66B

SignTool Error: The signing certificate is not valid for the requested usage.

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1


ЧЯДН ?
Подписи драйверов
Пытаюсь провести кросс-подпись драйвера.
Вроде как работает отлично:

>signtool sign /v /ac comodorsacertificationauthority_kmod.crt /tr http://timestamp.comodoca.com/rfc3161 mydriver.sys

The following certificate was selected:
    Issued to: Company, Inc
    Issued by: COMODO RSA Extended Validation Code Signing CA
    Expires:   >..
    SHA1 hash: ....

Cross certificate chain (using machine store):
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 16:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: COMODO RSA Certification Authority
        Issued by: Microsoft Code Verification Root
        Expires:   Mon Apr 12 01:16:20 2021
        SHA1 hash: 106870659C069F248C8C0A05ACD871CABEB3CC38

            Issued to: COMODO RSA Extended Validation Code Signing CA
            Issued by: COMODO RSA Certification Authority
            Expires:   Mon Dec 03 02:59:59 2029
            SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7

                Issued to: Company, Inc
                Issued by: COMODO RSA Extended Validation Code Signing CA
                Expires:   ...
                SHA1 hash: ...

Done Adding Additional Store
Successfully signed: mydriver.sys


А signtool verify не проходит

>signtool verify  /v  /kp  mydriver.sys

Signature Index: 0 (Primary Signature)
Hash of file (sha1): 1EDBB6F9354413D1B0F1696BF713281954F75130

Signing Certificate Chain:
    Issued to: COMODO RSA Certification Authority
    Issued by: COMODO RSA Certification Authority
    Expires:   Tue Jan 19 02:59:59 2038
    SHA1 hash: AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4

        Issued to: COMODO RSA Extended Validation Code Signing CA
        Issued by: COMODO RSA Certification Authority
        Expires:   Mon Dec 03 02:59:59 2029
        SHA1 hash: 351A78EBC1B4BB6DC366728D334231ABA9AE3EA7

            Issued to: MyCompany, Inc
            Issued by: COMODO RSA Extended Validation Code Signing CA
            Expires:   ...
            SHA1 hash: ...

The signature is timestamped: Thu Oct 25 16:17:01 2018
Timestamp Verified by:
    Issued to: UTN-USERFirst-Object
    Issued by: UTN-USERFirst-Object
    Expires:   Tue Jul 09 21:40:36 2019
    SHA1 hash: E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46

        Issued to: COMODO SHA-1 Time Stamping Signer
        Issued by: UTN-USERFirst-Object
        Expires:   Tue Jul 09 21:40:36 2019
        SHA1 hash: 03A5B14663EB12023091B84A6D6A68BC871DE66B

SignTool Error: A certificate chain processed, but terminated in a root
        certificate which is not trusted by the trust provider.

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1


ЧЯДН ?