Using SetupAPI To Verify Driver Authenticode Signatures

You can use the following procedures to verify that a driver has a valid vendor-supplied Authenticode signature. These procedures are only supported by Microsoft® Windows® Server 2003 and later versions.

To determine if a driver has a valid Authenticode™ signature

• Check the DNF_AUTHENTICODE_SIGNED flag.

  If a driver has a valid Authenticode signature, Setup sets this flag in the Flags member of the driver node's SP_DRVINSTALL_PARAMS structure. (Also note that Setup sets the DNF_INF_IS_SIGNED flag if the driver has a WHQL digital signature, if it is a system-supplied driver, or if it has an Authenticode signature.)

To verify that an INF file has a valid Authenticode signature

1. Call the general setup function SetupVerifyInfFile.
2. Check the function's return error code.

   If the INF file is not system-supplied and does not have a valid WHQL digital signature, but it does have a valid Authenticode signature, SetupVerifyInfFile returns FALSE and GetLastError returns one of the following error codes:

   ERROR_AUTHENTICODE_TRUSTED_PUBLISHER

   Indicates that the publisher is trusted because the publisher's certificate is installed in the trusted publisher certificates store (see Using Vendor-Supplied Authenticode Signatures To Authenticate Drivers).

   ERROR_AUTHENTICODE_TRUST_NOT_ESTABLISHED

   Indicates that trust cannot be automatically established because the publisher's signing certificate is not installed in the trusted publisher certificates store. However, this does not necessarily indicate an error. Instead it indicates that the caller must apply a caller-specific policy to establish trust in the publisher.

   If the INF file has a valid Authenticode signature, SetupVerifyInfFile also returns the following information in the SP_INF_SIGNER_INFO output structure:

   • The DigitalSigner member is set to the name of the signer.
   • The CatalogFile member is set to the full path of the corresponding signed catalog file.

   Note, however, that SetupVerifyInfFile does not return the version in the DigitalSignerVersion member.

To verify that a file has a valid Authenticode signature

• Call the general setup function SetupScanFileQueue using the SPQ_SCAN_USE_CALLBACK_SIGNERINFO flag.

  SetupScanFileQueue sends an SPFILENOTIFY_QUEUESCAN_SIGNERINFO request to the caller's callback routine and passes a pointer to a FILEPATHS_SIGNERINFO structure. If a file is signed with a valid Authenticode signature, the function sets the error code to the appropriate ERROR_AUTHENTICODE_Xxx value before calling the callback for a file. The function also sets the following information in the FILEPATHS_SIGNERINFO structure:

  • The DigitalSigner member is set to the name of the signer.
  • The CatalogFile member is set to the full path of the corresponding signed catalog file.

  Note, however, that the version is not set in the Version member.

  SetupScanFileQueue sets the ERROR_AUTHENTICODE_Xxx error code in the same way as described earlier in this topic for SetupVerifyInfFile.