Have purchased a digital signature why still hint when driver installation "Windows cannot verify the driver software issuers"

After purchased the digital signature, which in turn to sys, DLL, cat signed
Signtool also verify the signature right

Right click on the properties of each file, also can see the digital signature

But when install the driver still hint, don't know if there is no need to do thank you

CodePudding user response:

Your driver signature algorithm is sha2 or sha1? Should be sha2, on some systems is likely to appear this kind of circumstance, such as win10 some systems, like 16 xx, the home version, it cannot identify sha2 driver signature, but can identify the sha1, very waste, some of the Windows 7 system if there is no special patch can only identify the sha1, sha2 signature is no problem in theory, but the system has a Bug you didn't also way, so a lot of sys file signature are double signature, which have two digital signature, at the same time a sha2, a sha1, so as to avoid problems, but the double signature need special signature tool support, seemingly separate buy, no signtool,

CodePudding user response:

According to the different platforms?

CodePudding user response:

Buy a fake?

CodePudding user response:

I always feel signature is "shooting themselves in the foot,"

CodePudding user response:

I began to use SHA1 later to SHA256 or not
Said win10 digital signature policy change?
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy - Windows vista - and - later -

CodePudding user response:

First signature DLL, sys, exe, finally the cat was generated according to the sign good, finally sign the cat

CodePudding user response:

Signature before I don't seem to have encountered this kind of situation, can use normally after sign the success, multiple versions of the OS is no problem,
But I an ocx controls, not driver

Upstairs said win10, this I didn't pay attention to

CodePudding user response:

refer to 7th floor JSZJ response:

signature before I don't seem to have encountered this kind of circumstance, can use normally after sign the success, all have no problem on multiple versions of the OS,
But I an ocx controls, not driver

Upstairs said win10, this I didn't pay attention to the

As the signature of the method, and now finally use sha1, sha2 signature, we drive in sha1, WIN10 also can

CodePudding user response:

The question now was the least wn10 install the driver no problem, Windows 7 is the driver installation is not successful device manager has warned
Asked the certified agency (symantec), Windows 7 only support sha1, does not support sha256, issued by the signatures are sha256 now
The solution is to either buy SHA1 double signature (but SHA1 can only buy a year, I want to do a year later, he said that they may be behind, there is no SHA1)
Either to the system patch, I according to the link to download patch installation said the system does not support,,
Can you tell me the Windows 7 should patch? Then I let the computer to do the full update found also not line,,,

CodePudding user response:

references 9 f shakaqrj response:

problem was the least wn10 install the driver no problem now, Windows 7 is the driver installation is not successful device manager has warned
Asked the certified agency (symantec), Windows 7 only support sha1, does not support sha256, issued by the signatures are sha256 now
The solution is to either buy SHA1 double signature (but SHA1 can only buy a year, I want to do a year later, he said that they may be behind, there is no SHA1)
Either to the system patch, I according to the link to download patch installation said the system does not support,,
Can you tell me the Windows 7 should patch? Then I let the computer to do all the updates and found also not line,,,

Obviously you are a stone to the feet,

CodePudding user response:

How should that do?

CodePudding user response:

With win10 signtool, support double signature
If the supplier give you updated support double signature certificate
Signtool. Exesign/f codesign. Sha1. A. d. ll PFX/passwd p/t http://timestamp.globalsign.com/scripts/timestamp.dll
Signtool. Exe sign/f codesign. Sha256. PFX/passwd p/as/fd sha256/tr http://timestamp.globalsign.com/? Signature=sha2/td sha256 a. d. ll

CodePudding user response:

Is not the problem of signing certificate or certificate of algorithmic problems, also need to complete WHQL certification after signature, just not this prompt

CodePudding user response:

reference 1st floor mdcire response:

your driver signature algorithm is sha2 or sha1? Should be sha2, on some systems is likely to appear this kind of circumstance, such as win10 some systems, like 16 xx, the home version, it cannot identify sha2 driver signature, but can identify the sha1, very waste, some of the Windows 7 system if there is no special patch can only identify the sha1, sha2 signature is no problem in theory, but the system has a Bug you didn't also way, so a lot of the signature of the sys files are double signature, which have two digital signature, at the same time a sha2, a sha1, so as to avoid problems, but the double signature need special signature tool support, seemingly separate buy, no signtool,

Right, I have been in Windows 7 64 - bit systems are installed on the drive with a digital signature is always an error, unable to verify the signature, on the system after the installation of a patch is normal, look at the content, increase the support of signature algorithm sha2,
But I see online said to install patches always fail, you can have a look at Microsoft's anomalies and solution
The patch name: Windows 7 security updates (KB3033929)
Patch link: https://www.microsoft.com/zh-cn/download/details.aspx? Id=46078
Problems and solutions: https://support.microsoft.com/zh-cn/help/3033929/microsoft-security-advisory-availability-of-sha-2-code-signing-support