signtool - "File not found"

Anyone have any suggestions on the signtool returning “File not found”
when trying to sign with a real certificate not a test cert? As far as
I can tell I and my customer are following the steps spelled out in the
“Kernel-Mode Code Signing Walkthrough” but while test signing works
fine, we always fail the signtool.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

Dependency?

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Monday, June 25, 2012 12:54 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] signtool - “File not found”

Anyone have any suggestions on the signtool returning “File not found”
when trying to sign with a real certificate not a test cert? As far as I
can tell I and my customer are following the steps spelled out in the
“Kernel-Mode Code Signing Walkthrough” but while test signing works fine, we
always fail the signtool.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

I assume you’re doing this as part of the command line, and not from within VS, right?

Is the cert in the Cert Store or in a File?

I was always *much* more successful putting the cert (yes, sigh… the real one) in the personal Cert Store than in trying to use the cert from a file. And in terms of using the Cert from a smart card? Forget that. Never have seen it work.

Peter
OSR

Did you try enclosing the path in quotes?

I already forgot details but found the following comment in our builder which signs drivers:

There is a bug in signtool preventing simultaneous use of xcerts and
file-based certificates. Therefore, if we want to use xcerts, we must
switch to SHA type identification of certificate (and use the one from
system store).

We have certificates imported at build machines and use SHA for their identification.

Michal


NOTE: The information in this message is intended for the personal and confidential use of the designated recipient(s) named above. To the extent the recipient(s) is/are bound by a non-disclosure agreement, or other agreement that contains an obligation of confidentiality, with AuthenTec, then this message and/or any attachments shall be considered confidential information and subject to the confidentiality terms of that agreement. If the reader of this message is not the intended recipient named above, you are notified that you have received this document in error, and any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this document in error, please delete the original message and notify the sender immediately.
Thank You!
AuthenTec, Inc. http://www.authentec.com/

Ah. That would make sense.

I’m not sure I understand the later comment about SHA. I haven’t had to use SHA, I use the friendly name (or whatever it’s called)… but have always had luck from the cert store.

Peter
OSR

> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:bounce-506544-xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
> Sent: Tuesday, June 26, 2012 4:19 AM
> To: Windows System Software Devs Interest List
> Subject: RE:[ntdev] signtool - “File not found”
>
> I’m not sure I understand the later comment about SHA. I haven’t had to use
> SHA, I use the friendly name (or whatever it’s called)… but have always had
> luck from the cert store.

We use SHA because it is the unequivocal certificate identification. Other ways can work, but if something is going wrong, another certificate can be selected by mistake. Maybe it is too paranoid, but writing the SHA to a script once every two years isn’t such a big price for avoiding all possible problems. We encountered some when we experimented with signtool in the past, and you know how much time it takes (it can’t report a usable error code because it is not secure enough…)

Michal


Vodicka, Michal wrote:

>> -----Original Message-----
>> From: xxxxx@osr.com
>>
>> I’m not sure I understand the later comment about SHA. I haven’t had to use
>> SHA, I use the friendly name (or whatever it’s called)… but have always had
>> luck from the cert store.
> We use SHA because it is the unequivocal certificate identification. Other ways can work, but if something is going wrong, another certificate can be selected by mistake.

I, too, have switched to using the thumbprint SHA everywhere. The
odds of finding multiple matches on the name “Providenza” in my
certificate store are fairly high. Plus, there was a bug in the
“signtool” in the earliest versions of the Vista 6000 DDK such that it
would not find certs based on a partial name, but it WOULD find based on
SHA. Fool me once, as they say.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
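
Added example, not code from any poster in this thread: a PowerShell pre-flight that reports how many store certificates a name fragment matches, then signs by SHA-1 thumbprint together with a cross-certificate, the approach Michal and Tim describe. The paths, subject fragment and thumbprint are placeholders; it assumes the certificate sits in the current user's personal store and that "xcerts" means the cross-certificate passed to signtool with /ac.

```powershell
# Added example. Every default below is a placeholder or a hypothetical value;
# replace them with your own thumbprint, cross-certificate and driver paths.
param(
    [string]$Thumbprint   = '<SHA1-THUMBPRINT-PLACEHOLDER>',
    [string]$NameFragment = 'Example Corp',            # hypothetical subject fragment
    [string]$CrossCert    = 'C:\certs\crosscert.cer',  # hypothetical path
    [string]$Target       = 'C:\build\mydriver.sys',   # hypothetical path
    [string]$SignTool     = 'signtool.exe'             # assumed to be on PATH
)
$ErrorActionPreference = 'Stop'

# Rule out a genuinely missing input file before signtool is involved at all.
foreach ($p in @($CrossCert, $Target)) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "Missing file: $p" }
}

# Code-signing certificates in the personal ("My") store of the current user.
$store = @(Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert)

# Show how ambiguous name-based selection would be on this machine.
$byName = @($store | Where-Object { $_.Subject -like "*$NameFragment*" })
Write-Host "Certificates matching '$NameFragment' by name: $($byName.Count)"
foreach ($c in $byName) {
    Write-Host ("  {0}  expires {1:yyyy-MM-dd}  {2}" -f $c.Thumbprint, $c.NotAfter, $c.Subject)
}

# Normalise the thumbprint: drop spaces and any invisible characters picked up
# when it was copied out of a certificate dialog.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# A thumbprint must identify exactly one usable certificate.
$match = @($store | Where-Object { $_.Thumbprint -eq $clean })
if ($match.Count -ne 1) { throw "Expected one certificate with thumbprint '$clean', found $($match.Count)" }
if (-not $match[0].HasPrivateKey) { throw "Certificate $clean has no private key in this store" }
if ($match[0].NotAfter -lt (Get-Date)) { throw "Certificate $clean expired on $($match[0].NotAfter)" }

# Sign from the store by thumbprint, adding the cross-certificate.
& $SignTool sign /v /s My /sha1 $clean /ac $CrossCert $Target
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Check the result against the kernel-mode signing policy.
& $SignTool verify /kp /v $Target
if ($LASTEXITCODE -ne 0) { throw "signtool verify /kp failed with exit code $LASTEXITCODE" }
```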