Create the Catalog File to Contain the Signature

  • Article

Applies To: Windows Server 2008

You can use this procedure to create the .cat file that holds the signature for the driver package.

Note

If the driver package you want to sign was previously signed by someone else, such as the device manufacturer, then there is already a .cat file and you do not need to create a new one. You can sign the package by using the existing catalog file.

To create a .cat file for a driver package, run the Signability tool.

Signability calculates a hash for each file in the package and places the hash into the catalog file. This hash is used to verify that the file was not changed after it was signed. The list of files for which hashes are calculated is found by parsing the.inf file of the driver package.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

Creating a Catalog file

You can create a catalog file using either of the following techniques:

  • Create a catalog file by using the Signability Windows interface

  • Create a catalog file by using the Signability command line

Create a catalog file by using the Signability Windows interface

To create a catalog file by using the Signability Windows interface

  1. Open a WDK Build Environment command prompt by using the Run as administrator option. Review the details in "Additional considerations" in this topic.

  2. Type the command signability, and then press ENTER.

  3. In the Signability dialog box, click Browse, navigate to the folder containing the .inf file you want, select it, and then click OK.

    The path to your .inf file is displayed in the text box.

  4. Select the operating systems on which the driver package can be installed. Cancel the selection of all other operating systems.

  5. Check Generate catalogs.

  6. Click Go to start the analysis and catalog creation.

    The progress dialog box shows each file in the driver package as it is being examined. The process is complete when a Notepad window is displayed with the results. The output includes Warnings that each file is not represented by a signed catalog file. This indicates that the hash was created, but is not yet signed.

  7. Ensure that the output ends with a line that states Catalog files successfully created.

After creating the catalog file, you can open it by double-clicking the .cat file in Windows Explorer to examine the details. Windows will state that the catalog file is not digitally signed, but you can examine the hashes for each package file on the Security Catalog tab. The next step is to sign the .cat file by using the procedure Sign the Catalog File.

Create a catalog file by using the Signability command line

To create a catalog file by using the Signability command line

  1. Open a WDK Build Environment command prompt by using the Run as administrator option. Review the details in "Additional considerations" in this topic.

  2. At the command prompt, type the following, and then press ENTER:

    signability/driver:path/os:n/cat /auto

    The progress dialog box shows each file in the driver package as it is being examined. The process is complete when a Notepad window with the results is displayed. The output will include Warnings that each file is not represented by a signed catalog file. This indicates that the hash was created, but is not yet signed.

  3. Ensure that the output ends with a line that states Catalog files successfully created.

Value Description

/driver:path

Specifies the folder containing the driver package .inf file.

/os:n

Specifies the operating systems supported by the package. The value is the sum of the following values:

1 = Microsoft® Windows® 98

2 = Microsoft® Windows® 2000

4 = Microsoft® Windows® ME

8 = Microsoft® Windows® XP (32-bit)

16 = Windows XP (64-bit)

32 = Microsoft® Windows Server® 2003 (32-bit)

128 = Windows Server 2003 (64-bit)

256 = Windows Vista® (32-bit)

512 = Windows Vista (64-bit)

/cat

Specifies that the catalog files identified in the .inf file are to be created.

/auto

Specifies that Signability runs immediately without further user input.

Formatting legend

Format Meaning

Italic

Information that the user must supply

Bold

Elements that the user must type exactly as shown

After creating the catalog file, you can open it by double-clicking the .cat file in Windows Explorer to examine the details. Windows will state that the catalog file is not digitally signed, but you can examine the hashes for each package file on the Security Catalog tab. The next step is to sign the .cat file by using the procedure Sign the Catalog File.

Additional considerations

  • To start a WDK Build Environment command prompt with the Run as administrator option, click Start, All Programs, Windows Driver Kits, WDK <your build number>, Build Environments, and Windows Vista and Windows Server. Right-click Windows Vista and Windows Server Longhorn x86 Free Build Environment, and then click Run as administrator.

  • The Signability tool must be run at a command line started by using the Run as administrator option. The tool does not generate User Account Control prompts, and will fail, if run from a non-elevated command line.

  • A driver package for Windows Vista must be dated 04/01/2006 or later, or else Signability cannot successfully create the catalog file. The DriverVer line in the [Version] section must be updated with a valid date on or after 04/01/2006.

  • Even though the Signability tool allows you to select Windows 2000, Windows XP, and Windows Server 2003, these operating systems do not recognize Authenticode signatures from other than the Windows Hardware Quality Labs (WHQL). Signing a package with a non-WHQL certificate will not change the behavior of the installation for those operating systems.

You can also create a catalog file manually by using the MakeCat command that is part of the WDK. For more information about MakeCat, see "Using MakeCat" at https://go.microsoft.com/fwlink/?LinkId=82260.

Additional references