Re[4]: Re[2]: Re[2]: Automating EV Signing (Windows Attestation)

Peter_Scott Member - All Emails Posts: 751
Mark,

Yeah, sounds like some Symantec-specific fault. For DigiCert, we
purchased 1 certificate which is our EV cert and I use it to locally
sign binaries using signtool.

Pete

--
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295



------ Original Message ------
From: "Mark Roddy"
To: "Windows System Software Devs Interest List"
Sent: 4/26/2017 9:38:42 AM
Subject: Re: Re[2]: [ntdev] Re[2]: Re[2]: Automating EV Signing (Windows
Attestation)

>With the Symantec dongle, there is a checkbox down in the settings page
>of the utility to indicate to only request the password once after a
>user logs into the system. After that you continue to be asked for the
>password, defeating automation. If I had a day or two I would enter the
>hell that is Symantec customer support and learn why I am doing it all
>wrong and need to do some other thing first that they didn't document.
>As my actual signing needs are rare, I've just put up with EV signing
>being manual. As EV signing is also really not needed except in some
>cases, I'd really like my EV cert to cough up its non-EV cousin so I
>could release sign everything like I used to.
>
>
>Mark Roddy
>
>On Tue, Apr 25, 2017 at 9:20 AM, PScott
>wrote:
>>
>>Mark,
>>
>>With the DigiCert dongle, there is a checkbox down in the settings
>>page of the utility to indicate to only request the password once
>>after a user logs into the system. After that you are good to go, no
>>more requesting it.
>>
>>Pete
>>
>>--
>>Kernel Drivers
>>Windows File System and Device Driver Consulting
>>www.KernelDrivers.com
>>866.263.9295
>>
>>
>>
>>------ Original Message ------
>>From: "Mark Roddy"
>>To: "Windows System Software Devs Interest List"
>>Sent: 4/24/2017 1:31:21 PM
>>Subject: Re: [ntdev] Re[2]: Re[2]: Automating EV Signing (Windows
>>Attestation)
>>
>>>No, what has me confused is
>>>that anyone thinks the dongle-thing doesn't require manual
>>>intervention every time you try to sign something; and that somehow
>>>a non-EV cert magically appears from an EV cert and that this non-EV
>>>cert can be used as in the past by installing it on a secure build
>>>system and having the secure build system automatically release sign
>>>things without humans having to type shit in.
>>>I think I have to go buy a second non-EV SHA2 cert for (2) but would
>>>love to have it 'splained otherwise, and at least with the Symantec
>>>dongle there doesn't appear to be any way to avoid humans with
>>>fingers, but I would also like to know that some humanoid has managed
>>>to convince the Symantec dongle to be amenable to automation.
>>>
>>>Mark Roddy
>>>
>>>On Mon, Apr 24, 2017 at 9:20 AM, wrote:
>>>>Mark,
>>>>
>>>>If it's the multiple dongle thing that has you confused. Our EV cert
>>>>(it might be different for others, but I understand that this is the
>>>>EV standard) has the private key on the smart card (dongle). This
>>>>dongle is linked to a specific machine. Moving it around from
>>>>machine to machine is a hassle. Moving it to another machine
>>>>deactivates the first machine and you have to go through a process to
>>>>get it registered with that other machine. Rather than do that I'm
>>>>told (from DigiCert) that you can obtain multiple dongles for the
>>>>same cert. This allows you to register them with multiple machines.
>>>>Ultimately so you can sign with the EV cert on more than one
>>>>machine.
>>>>
>>>>On the Developer Portal Attestation Signing: it's my experience that
>>>>Microsoft only allows you to store one EV cert on their portal for
>>>>them to acknowledge submissions by. According to Peter he was able
>>>>to convince Microsoft to register a non-EV cert (correct me if I'm
>>>>wrong here Peter) in order to get around the extra security of
>>>>signing a file with an EV cert.
>>>>
>>>>---
>>>>NTDEV is sponsored by OSR