1

I have two driver files that appear to be properly signed.

bobbarker@bobbarker-PC /cygdrive/c/Users/bobbarker/Desktop
$ ./SignTool.exe verify /kp /v /ph /d truecrypt.sys

Verifying: truecrypt.sys
Hash of file (sha1): 8562AC6F95298C1904DFC0B579C51CBB414D13C9

Signing Certificate Chain:
    Issued to: AddTrust External CA Root
    Issued by: AddTrust External CA Root
    Expires:   Sat May 30 05:48:38 2020
    SHA1 hash: 02FAF3E291435468607857694DF5E45B68851868

        Issued to: COMODO RSA Certification Authority
        Issued by: AddTrust External CA Root
        Expires:   Sat May 30 05:48:38 2020
        SHA1 hash: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0

            Issued to: COMODO RSA Code Signing CA
            Issued by: COMODO RSA Certification Authority
            Expires:   Mon May 08 18:59:59 2028
            SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47

                Issued to: Jason Pyeron
                Issued by: COMODO RSA Code Signing CA
                Expires:   Wed Sep 16 18:59:59 2015
                SHA1 hash: 535A507A767922BE8C9BF959BCD2179DE626AAA4

The signature is timestamped: Tue Dec 30 00:29:01 2014
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Thu Dec 31 18:59:59 2020
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: Symantec Time Stamping Services CA - G2
        Issued by: Thawte Timestamping CA
        Expires:   Wed Dec 30 18:59:59 2020
        SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1

            Issued to: Symantec Time Stamping Services Signer - G4
            Issued by: Symantec Time Stamping Services CA - G2
            Expires:   Tue Dec 29 18:59:59 2020
            SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4

Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 08:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: AddTrust External CA Root
        Issued by: Microsoft Code Verification Root
        Expires:   Tue Aug 15 15:36:30 2023
        SHA1 hash: A75AC657AA7A4CDFE5F9DE393E69EFCAB659D250

            Issued to: COMODO RSA Certification Authority
            Issued by: AddTrust External CA Root
            Expires:   Sat May 30 05:48:38 2020
            SHA1 hash: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0

                Issued to: COMODO RSA Code Signing CA
                Issued by: COMODO RSA Certification Authority
                Expires:   Mon May 08 18:59:59 2028
                SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47

                    Issued to: Jason Pyeron
                    Issued by: COMODO RSA Code Signing CA
                    Expires:   Wed Sep 16 18:59:59 2015
                    SHA1 hash: 535A507A767922BE8C9BF959BCD2179DE626AAA4

Successfully verified: truecrypt.sys

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0

bobbarker@bobbarker-PC /cygdrive/c/Users/bobbarker/Desktop
$ ./SignTool.exe verify /kp /v /ph /d truecrypt-x64.sys

Verifying: truecrypt-x64.sys
Hash of file (sha1): 5B9B534E682A8768F404B1A1CBFD9ACC98B8E195

Signing Certificate Chain:
    Issued to: AddTrust External CA Root
    Issued by: AddTrust External CA Root
    Expires:   Sat May 30 05:48:38 2020
    SHA1 hash: 02FAF3E291435468607857694DF5E45B68851868

        Issued to: COMODO RSA Certification Authority
        Issued by: AddTrust External CA Root
        Expires:   Sat May 30 05:48:38 2020
        SHA1 hash: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0

            Issued to: COMODO RSA Code Signing CA
            Issued by: COMODO RSA Certification Authority
            Expires:   Mon May 08 18:59:59 2028
            SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47

                Issued to: Jason Pyeron
                Issued by: COMODO RSA Code Signing CA
                Expires:   Wed Sep 16 18:59:59 2015
                SHA1 hash: 535A507A767922BE8C9BF959BCD2179DE626AAA4

The signature is timestamped: Tue Dec 30 00:28:52 2014
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Thu Dec 31 18:59:59 2020
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: Symantec Time Stamping Services CA - G2
        Issued by: Thawte Timestamping CA
        Expires:   Wed Dec 30 18:59:59 2020
        SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1

            Issued to: Symantec Time Stamping Services Signer - G4
            Issued by: Symantec Time Stamping Services CA - G2
            Expires:   Tue Dec 29 18:59:59 2020
            SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4

Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 08:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: AddTrust External CA Root
        Issued by: Microsoft Code Verification Root
        Expires:   Tue Aug 15 15:36:30 2023
        SHA1 hash: A75AC657AA7A4CDFE5F9DE393E69EFCAB659D250

            Issued to: COMODO RSA Certification Authority
            Issued by: AddTrust External CA Root
            Expires:   Sat May 30 05:48:38 2020
            SHA1 hash: F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0

                Issued to: COMODO RSA Code Signing CA
                Issued by: COMODO RSA Certification Authority
                Expires:   Mon May 08 18:59:59 2028
                SHA1 hash: B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47

                    Issued to: Jason Pyeron
                    Issued by: COMODO RSA Code Signing CA
                    Expires:   Wed Sep 16 18:59:59 2015
                    SHA1 hash: 535A507A767922BE8C9BF959BCD2179DE626AAA4

Successfully verified: truecrypt-x64.sys

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0

bobbarker@bobbarker-PC /cygdrive/c/Users/bobbarker/Desktop
$

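But when I try to install them, I get the dreaded error:

The digital signature for this file cannot be verified. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

I have posted the files in question and the associated certificates. I create the files using the following command: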

for i in *.sys; do 
 cp "$i" "$i".presignbak && \
 /cygdrive/c/WinDDK/7600.16385.1/bin/amd64/SignTool.exe sign /v /ac AddTrust_External_CA_Root-srosssigned-by-Microsoft.crt /f signkey.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll "$i" ; 
done

My certificate uses the signature algorithm: sha256WithRSAEncryption

What should I try next?

2 Answers

3

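It turns out that Microsoft does not support SHA-2 for driver signing on Windows 7.

In some cases, you might want to sign a driver package with two different signatures. For example, suppose you want your driver to run on Windows 7 and Windows 8. Windows 8 supports signatures created with the SHA256 hashing algorithm, but Windows 7 does not. For Windows 7, you need a signature created with the SHA1 hashing algorithm.

Suppose you want to build and sign a driver package that will run on Windows 7 and Windows 8 on x64 hardware platforms. You can sign the driver package with a primary signature that uses SHA1. Then you can append a secondary signature that uses SHA256. You can use the same certificate for both signatures, or you can use separate certificates. Here are the steps to create the two signatures using Visual Studio.

answered 2014-12-30T16:57:27.083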
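
The two-pass signing described in the quoted documentation, done from the same Cygwin shell with SignTool instead of Visual Studio. This is an added example, not part of the original question or answer. It assumes a SignTool build that supports `/fd`, `/as`, `/tr` and `/td` (Windows 8 SDK/WDK or later); the `dual_sign` and `_sign` helper names, the `PFX_PASSWORD` variable and the RFC 3161 timestamp URL are placeholders introduced here.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): dual-sign a driver binary.
# Assumes a signtool that supports /fd, /as, /tr and /td (Windows 8 SDK/WDK or later).
SIGNTOOL="${SIGNTOOL:-signtool.exe}"
CROSS_CERT="${CROSS_CERT:-AddTrust_External_CA_Root-srosssigned-by-Microsoft.crt}"
PFX="${PFX:-signkey.pfx}"
SHA1_TS_URL="${SHA1_TS_URL:-http://timestamp.verisign.com/scripts/timstamp.dll}"
# Placeholder: substitute your CA's RFC 3161 timestamp server.
RFC3161_TS_URL="${RFC3161_TS_URL:-http://timestamp.example.invalid/rfc3161}"

# Options shared by both signing passes; the password comes from the environment
# so it does not have to be written into the script.
_sign() {
    "$SIGNTOOL" sign /v /ac "$CROSS_CERT" /f "$PFX" /p "$PFX_PASSWORD" "$@"
}

# dual_sign FILE: SHA1 primary signature, then an appended SHA256 signature.
dual_sign() {
    ds_file="$1"
    [ -f "$ds_file" ] || { echo "no such file: $ds_file" >&2; return 2; }
    [ -n "${PFX_PASSWORD:-}" ] || { echo "PFX_PASSWORD is not set" >&2; return 2; }
    cp -p "$ds_file" "$ds_file.presignbak" || return 1

    # Pass 1: SHA1 file digest with an Authenticode (/t) timestamp, for Windows 7.
    # Pass 2: /as appends instead of replacing; SHA256 digest, RFC 3161 timestamp.
    if _sign /fd sha1 /t "$SHA1_TS_URL" "$ds_file" &&
       _sign /as /fd sha256 /tr "$RFC3161_TS_URL" /td sha256 "$ds_file"; then
        return 0
    fi

    # Either pass failed: restore the unsigned original so that a file carrying
    # only one of the two signatures is never shipped.
    echo "signing failed, restoring $ds_file" >&2
    mv -f "$ds_file.presignbak" "$ds_file"
    return 1
}

# Usage: export PFX_PASSWORD=...; for f in *.sys; do dual_sign "$f" || break; done
```

Running `SignTool.exe verify /kp /v /all` on the result lists both signatures; `/all` also requires the newer SignTool.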