Sign the Catalog File

Updated: August 31, 2007

Applies To: Windows Server 2008

You can use this procedure to sign the catalog file associated with a device driver package. Signing the catalog file involves encrypting the contents using a public/private key pair. The public key is part of the certificate used to create and validate the certificate. Only the public key that is part of the certificate can decrypt the signature that was created with the private key. Successfully decrypting the signature by using a trusted certificate that can be traced back to a certification authority ensures that the signature is genuine, and that the package is from whom it claims to be.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To sign the catalog file

  1. Open a WDK Build Environment command prompt by using the Run as administrator option. Review the details in "Additional considerations" in this topic.

  2. At the command prompt, type the following on one line, and then press ENTER:

    signtool sign /s certificatestore/n certficatename /t http://timestamp.verisign.com/scripts/timestamp.dllfilename.cat

 

Value Description

/s certificatestore

Specifies the store name on the local computer where a copy of the signing certificate can be found. Review the details in "Additional considerations" in this topic.

/n certificatename

Specifies the subject name of the signing certificate to be used.

/t http://timestamp.verisign.com/scripts/timestamp.dll

Specifies the service used to timestamp your signature. If you purchase an Authenticode certificate from another vendor, then you should use the service that vendor provides. Review the details in "Additional considerations" in this topic.

Filename.cat

Specifies the catalog file to be signed.

Formatting legend

 

Format Meaning

Italic

Information that the user must supply

Bold

Elements that the user must type exactly as shown

  • To start a WDK Build Environment command prompt with the Run as administrator option, click Start, All Programs, Windows Driver Kits, WDK <your build number>, Build Environments, and Windows Vista and Windows Server. Right-click Windows Vista and Windows Server Longhorn x86 Free Build Environment, and then click Run as administrator.

  • The SignTool tool must be run at a command line started by using the Run as administrator option. The tool does not generate User Account Control prompts, and will fail if run from a non-elevated command line.

  • SignTool can accept the certificate as a file on disk, as well as in the certificate store on the local computer. For more information about SignTool and the options it supports, see "Using SignTool" at http://go.microsoft.com/fwlink/?LinkId=82263.

  • For more information about the command line reference for SignTool, see "SignTool" at http://go.microsoft.com/fwlink/?LinkId=82264.

  • For more information about code signing, see "Code Signing Best Practices" at http://go.microsoft.com/fwlink/?LinkId=82265.

Community Additions

ADD
Show: