How to Sign Kernel Mode Drivers using EV Code Signing Certificates
Like applications, software, codes and scripts, Kernel-Mode Drivers can also be signed using EV Code Signing Certificates. The benefit of signing Kernel-Mode Drivers is that it helps users verify that this digitally signed kernel-mode driver packages are coming from a trusted organization or company.
If it has been tampered with, the user will be notified via a warning sign at installation time.
The Process of Signing with EV Code Signing Certificate
Before you start Signing Kernel-Mode Drivers Using EV Code Signing Certificatethe steps below need to be followed:
- Prepare EV Code Signing Certificate
- Download EV Code Signing Certificate
- Signing Kernel-Mode Drivers Using EV Code Signing Certificate
For Signing your Kernel-Mode Driver
- Open a Command Prompt in admin mode.
- Go to Windows Start and type cmd
- Right click on Command Prompt and click on Run as administrator
- Run the command below in the Command Prompt
signtool sign /v /ac "C:\path\CA-Name High Assurance EV Root CA.crt" /tr https://timestamp.<CA-Name>.com /td sha256 /fd sha256 /s my /n "Subject Name" "c:\path\to\ExampleFileSigned.cat"
- If the process was successful, you will see the response below, informing you that the program is signed and timestamped.
c:\Code>signtool sign /v /ac "C:\path\CA-Name High Assurance EV Root CA.crt" /tr https://timestamp.<CA-Name>.com /td sha256 /fd sha256 /s my /n "Subject Name" "c:\path\to\ExampleFileSigned.cat"
Done Adding Additional Store
Successfully signed and timestamped: ExampleFileSigned.cat
Additional Information:
How to Batch Sign Files with EV Code Signing Certificates
For batch signing files with an EV Code Signing Certificate, enable the single logon for the SafeNet Token. Once it’s enabled, you can log into the Token and start batch signing the files, while entering the password once per user session.
Steps to Enable Single Logon for a SafeNet Token
- Go to SafeNet Authentication Client Tools
- Start > Program Files > Safenet > Safenet Authentication Client Tools
- Click on the golden geared Advanced View
- Select Client Settings from the left pane in the menu tree
- Select Advanced Tab from the right pane
- Select Enable single logon option from the Advanced tab
- Click Save
- After enabling the Single Logon feature, log off from the computer and log on again