Driver signing using ECC token

Hi everyone!

I have a question.
Must the token for signing a driver be based on RSA encryption, or is ECC acceptable?

thanks in advance.

I opened my EV certificate and the public key property says 'ECC (256 bits)'.

As I have used this to sign drivers then, at a guess, yes you can use ECC.

Thanks for your reply.

It's a bit strange. I pointed out that, based on testing with CiValidateFileObject(), passing an ECC-signed input for verification results in 0xC0000428 (STATUS_INVALID_IMAGE_HASH).

Note: CiValidateFileObject is used for signature verification whenever a new driver is loaded.

Seeing as how Windows no longer supports, outside of test mode, any signed drivers other than those signed using Microsoft’s own certs, I am unclear what the OP is trying to do. You don’t need anything other than a test cert and test mode enabled.

If you are signing your objects prior to getting Microsoft to sign them, ok, that should work, but your initial signing will not result in an acceptable object.

Mark Roddy

It is not limited to driver verification; it also cannot verify the signature of any ECC-signed PE file using CiValidateFileObject().

After analyzing CI.dll, I found a function named MinCrypt_DisableEcdsa that sets a specific byte during execution. This function is called within CipInitialize, and the byte it sets is involved in signature verification. If this byte is set, the function returns STATUS_INVALID_IMAGE_HASH. I reset this byte using WinDbg and tested again, and everything worked fine.

Does anyone have further insight into this?
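As an added illustration (not code from any post in this thread), a PowerShell check that reports the signer key algorithm and key size for each PE file in a folder, so a driver signed with an ECC key, which the thread reports CiValidateFileObject rejects, can be spotted before it is loaded or submitted. It assumes Windows PowerShell 5.1 or later and a folder path supplied by the caller; the column names are my own.

```powershell
# Added example: inventory the Authenticode signer key type of each driver/PE file.
# Assumes Windows PowerShell 5.1+; Get-AuthenticodeSignature is a built-in cmdlet.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path    # folder to scan (caller-supplied)
)

Get-ChildItem -Path $Path -Include *.sys, *.dll, *.exe -Recurse -File | ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate

    if ($null -eq $cert) {
        # Unsigned file (or signature could not be parsed): nothing to classify.
        [pscustomobject]@{ File = $_.Name; Status = $sig.Status; KeyAlgo = 'n/a'; KeyBits = 0; SignAlgo = 'n/a'; EccSigner = $false }
        return
    }

    # PublicKey.Oid.FriendlyName is the same string the certificate UI shows: 'RSA' or 'ECC'.
    $keyAlgo = $cert.PublicKey.Oid.FriendlyName

    # Key size: use the .NET extension helpers via their static form, because PublicKey.Key
    # throws for ECC keys on .NET Framework.
    $bits = switch ($keyAlgo) {
        'RSA' { [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert).KeySize }
        'ECC' { [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPublicKey($cert).KeySize }
        default { 0 }
    }

    [pscustomobject]@{
        File      = $_.Name
        Status    = $sig.Status                          # Valid / NotSigned / HashMismatch ...
        KeyAlgo   = $keyAlgo
        KeyBits   = $bits
        SignAlgo  = $cert.SignatureAlgorithm.FriendlyName # e.g. sha256RSA or sha256ECDSA
        EccSigner = ($keyAlgo -eq 'ECC')                  # flag for review before driver load
    }
} | Sort-Object EccSigner -Descending | Format-Table -AutoSize
```

Get-AuthenticodeSignature reports only the first signer of a dual-signed file, so a file carrying both an RSA and an ECDSA signature shows whichever is embedded first.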