[Ach] Signing

David Durvaux david.durvaux at belnet.be
Fri Nov 29 10:16:31 CET 2013


So, in short, we have another whitepaper to write ;)

FYI, I don't know what your problem with device signing is, but for security reasons, the recognized CA for drivers is now embedded somewhere in the Windows kernel.  You cannot change it and it's different from the computer / user CA store. :-S

If you don't have a certificate signed by an authority that can sign certificates for use on drivers, you need to boot Windows in a development mode where it will basically accept anything :D.

Kr,

David
--
David Durvaux
Belnet CERT
PGP Key Id 0xE84A32A0

Louizalaan 231 Avenue Louise
Brussel 1050 Bruxelles
België Belgique
T: +32 790 33 33
www.belnet.be

On 29 Nov 2013, at 10:03, Adi Kriegisch wrote:

> Hi!
> 
>> Stupid question ;).  Should we write something on code / script signing?
>> Probably out of scope for this document but it's something that is
>> largely not documented enough...
> I think that is beyond the scope of this document and would rather fit in
> another white paper about certificates, certificate authorities and the
> like...
> 
>> I was quite surprised by the time it took me to sign a PowerShell script
>> recently.
> ...on the other hand, I have some experience with the pain of debugging a
> non-working EAP-TTLS setup on Win8 and finding out how to create a
> certificate that will be accepted for that purpose and right now I am
> struggling with signing printer drivers in a way win7 and win8 accept
> them. So yes, very interested! :)
> 
> -- Adi
