Re[2]: Re[2]: Automating EV Signing (Windows Attestation)

After opening a support ticket, we were successful in getting 2 SHA2
certs registered (we have 2 offices, each with their own physical USB
token). Not sure about a SHA1 combination.

Pete


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

------ Original Message ------
From: xxxxx@live.com
To: “Windows System Software Devs Interest List”
Sent: 4/22/2017 12:24:36 PM
Subject: RE:[ntdev] Re[2]: Automating EV Signing (Windows Attestation)

>Yes, Microsoft. We tried registering a second certificate to have a
>SHA1 and SHA2 registered but Microsoft wouldn’t accept more than one.
>Maybe opening another ticket with Microsoft will yield different
>results if we try it again.
>
>—
>NTDEV is sponsored by OSR
>
>Visit the list online at:
>http:
>
>MONTHLY seminars on crash dump analysis, WDF, Windows internals and
>software drivers!
>Details at http:
>
>To unsubscribe, visit the List Server section of OSR Online at
>http:

We’re in the process of getting multiple tokens for the same certificate. I hope we don’t have to get separate certs for each dongle. That would be a pain. Ideally I’d like to have the cert and dongle on the build server that does the release signing, packaging, upload to MSFT, download, and final build. But, that isn’t attainable in the immediate future.

Ok now I am totally confused. I have an ev cert. It is fairly useless
(barring some autoit hack) for automated builds because the interface
requires manual intervention to sign stuff. I *think* I am reading that I
have to go buy YET ANOTHER CERT, this one just a regular non-ev sha2 cert,
and if I do that I can get back to having my secure build system do its
secure build thing and vomit out sha2 release signed things like it used to
before all this crapfest of ev cert requirements started. AND, if I am
extremely clever, I might even be able to convince my build system to make
it through attestation signing with the MSFT portal without a human having
to click buttons, again using the sha2 non-ev cert and an account set up
using the ev cert. Do I have that right?

And the bottom line is that the ev cert I paid super extra for is actually
only needed for set up of the portal account?

Mark Roddy

On Sun, Apr 23, 2017 at 12:32 AM, wrote:

> We’re in the process of getting multiple tokens for the same certificate.
> I hope we don’t have to get separate certs for each dongle.

For us, we purchased an EV cert which is a SHA2 cert. This is the cert I used for setting up signing through my portal and it is the cert I use to sign drivers locally, for those that accept SHA2 certs.

Pete

On April 23, 2017 8:09:25 AM MDT, Mark Roddy wrote:
>Ok now I am totally confused. I have an ev cert. It is fairly useless
>(barring some autoit hack) for automated builds because the interface
>requires manual intervention to sign stuff.

Mark,

If it’s the multiple dongle thing that has you confused: our EV cert (it might be different for others, but I understand that this is the EV standard) has the private key on the smart card (dongle). This dongle is linked to a specific machine. Moving it around from machine to machine is a hassle. Moving it to another machine deactivates the first machine and you have to go through a process to get it registered with that other machine. Rather than do that I’m told (from DigiCert) that you can obtain multiple dongles for the same cert. This allows you to register them with multiple machines. Ultimately so you can sign with the EV cert on more than one machine.

On the Developer Portal Attestation Signing: it’s my experience that Microsoft only allows you to store one EV cert on their portal for them to acknowledge submissions by. According to Peter he was able to convince Microsoft to register a non-EV cert (correct me if I’m wrong here Peter) in order to get around the extra security of signing a file with an EV cert.

No what has me confused is

  1. that anyone thinks the dongle-thing doesn’t require manual
    intervention every time you try to sign something; and that
  2. somehow a non-ev cert magically appears from an ev cert and that
    this non-ev cert can be used as in the past by installing it on a secure
    build system and having the secure build system automatically release sign
    things without humans having to type shit in.

I think I have to go buy a second non-ev sha2 cert for (2) but would love
to have it 'splained otherwise, and at least with the Symantec dongle there
doesn’t appear to be any way to avoid humans with fingers, but I would also
like to know that some humanoid has managed to convince the Symantec dongle
to be amenable to automation.

Mark Roddy

On Mon, Apr 24, 2017 at 9:20 AM, wrote:

> Mark,
>
> If it’s the multiple dongle thing that has you confused: our EV cert (it
> might be different for others, but I understand that this is the EV
> standard) has the private key on the smart card (dongle).

xxxxx@live.com wrote:

On the Developer Portal Attestation Signing: it’s my experience that Microsoft
only allows you to store one EV cert on their portal for them to acknowledge
submissions by. According to Peter he was able to convince Microsoft to register
a non-EV cert (correct me if I’m wrong here Peter) in order to get around the
extra security of signing a file with an EV cert.

We bought “one EV certificate” but “on two dongles.” And this seems
to result in two separate certificates; or at least two certificates
with unique thumbprints.

As such, we actually /had/ to upload both certificates to Microsoft
SysDev / Dev Center back when the EV requirement was in force, because
the signatures of one dongle versus the other were not identical.

But I’m not recalling having to twist anyone’s arm in order to upload
the additional EV certificate. (i.e. A WinQual.exe signed with “the
other dongle”, in addition to the first signed WinQual.exe we
uploaded.)

Maybe if I had a “truly independent EV certificate”, issued separately
or even from a different CA, there would have been more of a concern
from Microsoft’s end.

Alan Adams
Client for Open Enterprise Server
Micro Focus
xxxxx@microfocus.com

Alan, what I found is uploading another certificate using WinQual overrides the first certificate. So you can only have one registered at a time (at least for me).

Mark, I’ll do my best to answer your statements:

  1. My understanding is the EV system was produced to require a person to physically type in the password to quite literally sign off on the driver as being their own. In my opinion any way around that is subverting the security and intention behind the system.
  2. I’m not 100% on what you’re asking here. But, the process Microsoft outlines is they require you to register an EV cert with them through their portal. When you submit drivers to them they check you have signed it with the registered EV cert. Once they validate it has been signed by that cert (and run it through some minor tests) they sign it with their WHQL certificate that contains the needed EKU (Enhanced Key Usage) “Windows Hardware Driver Attested Verification” (1.3.6.1.4.1.311.10.3.5.1). It is this cert that the OS checks for when a driver tries to load on a Windows 10 system with Secure Boot enabled.

You should only need one EV cert, access to the Microsoft Hardware Developer Dashboard (https://developer.microsoft.com/en-us/dashboard/hardware), and the aforementioned EV cert registered with the dashboard. This allows you to package and upload the drivers for attestation signing. FYI there is a very specific process to packaging the driver.

If you’re looking to fully automate the process: it isn’t fully automatable at this time, simply because Microsoft doesn’t expose an API to submit to their dashboard.

It is possible to get around having to enter the password manually for the EV cert. If there is a will there is a way. Given what I know about the protection around it (at least for the one from my CA) it would take some work to get around it. But, this begs the question: is it right to do so? Personally I’d say no, the system is intended for a person to physically sign off on binaries produced by them. Automating it removes that.

My intention behind me creating this post was to learn how others in the community have approached the problem. I have no intent to solve the problem myself, at least not right now. Maybe once Microsoft releases some API to submit to their dashboard. Even then I don’t see a lot of need. Driver releases shouldn’t be frequent enough that manually typing in a password is a burden.
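As an added example (not code from the thread, from Pete, or from Microsoft), here is a PowerShell version of the two checks a build engineer would want around the workflow described above: sign the release binaries unattended with a software-stored SHA-2 certificate chosen by thumbprint (a hardware token would block on its PIN prompt at that step), and after the package comes back from attestation signing, confirm that the signer certificate carries the “Windows Hardware Driver Attested Verification” EKU named in the post. The signtool path, the thumbprint, the timestamp server and the file names are placeholders; the EKU OID is the one from the thread.

```powershell
# Added example: unattended release signing plus a post-attestation EKU check.
# All paths, the thumbprint and the timestamp URL below are assumptions.

$SignTool   = 'C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe'  # assumed path
$Thumbprint = '0123456789ABCDEF0123456789ABCDEF01234567'                    # placeholder
$TsaUrl     = 'http://timestamp.digicert.com'                                # assumed TSA
$AttestEku  = '1.3.6.1.4.1.311.10.3.5.1'   # "Windows Hardware Driver Attested Verification" (from the thread)

function Invoke-ReleaseSign {
    param([Parameter(Mandatory)][string[]]$Path)

    # Fail early if the intended certificate is not usable from the machine store.
    # A key that lives on a USB token would prompt for its PIN inside signtool and
    # hang an unattended build, so the non-EV signing cert must be a software key.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert)              { throw "Certificate $Thumbprint not found in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key" }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $Thumbprint has expired" }

    # /sm: machine store; /sha1: select the cert by thumbprint; /fd sha256: SHA-2 file
    # digest; /tr + /td sha256: RFC 3161 timestamp so signatures outlive the cert.
    # For an HSM-backed key you would replace /sha1 with /csp <provider> /kc <container>.
    & $SignTool sign /sm /sha1 $Thumbprint /fd sha256 /tr $TsaUrl /td sha256 @Path
    if ($LASTEXITCODE -ne 0) { throw "signtool failed with exit code $LASTEXITCODE" }
}

function Test-AttestationSigned {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Attested = $false; Reason = $sig.StatusMessage }
    }

    # Collect every EKU OID on the signer certificate and look for the attestation one.
    $ekus = $sig.SignerCertificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }

    [pscustomobject]@{
        Path     = $Path
        Attested = ($ekus -contains $AttestEku)
        Signer   = $sig.SignerCertificate.Subject
        Ekus     = ($ekus -join ',')
    }
}

# Usage on the build server (placeholder file names):
#   Invoke-ReleaseSign -Path .\out\mydriver.sys, .\out\mydriver.cat
#   ... upload to the dashboard, download the attestation-signed package, then:
#   Get-ChildItem .\signed\*.sys, .\signed\*.cat |
#       ForEach-Object { Test-AttestationSigned $_.FullName } | Format-Table
```

The first function is the part that can run without a human; the second is the gate that tells you the returned package is actually the attestation-signed one and not the copy you uploaded. Checking `Status -eq 'Valid'` before reading the EKU matters, because a file whose signature fails to verify still exposes a `SignerCertificate` object.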

xxxxx@live.com wrote:

Alan, what I found is uploading another certificate using WinQual
overrides the first certificate. So you can only have one registered
at a time (at least for me).

Interesting. Well, for whatever little it helps, all I can say is that
when looking at the “manage certificates” administration section of
Microsoft SysDev, it lists our “two” EV certificates side-by-side.
With identical “Issuer”, “Issuee”, “Certificate Type”, “Expiry” and
“Status” fields.

The only difference shown by SysDev is the “Registered Date” shown,
since we uploaded one of them later than the other. Which was after
we realized that things “signed by the other dongle” (our “backup”
signing server) weren’t being accepted by SysDev, and didn’t have the
same certificate thumbprint as the other dongle.

First registration was 8/2/2015, and the second was 3/10/2016. So
plenty of time for things to have changed since then.

Alan Adams
Client for Open Enterprise Server
Micro Focus
xxxxx@microfocus.com

For what it’s worth, we have 4 in our list (3 EV). Only the top one lists a thumbprint. The others have expiration dates listed and show “Active” under the status column. But, I assume that is associated with the expiration date since the 4th one shows “Expired” and the expiration date has passed. In any event, since they only have one thumbprint I suspect it means only that one is active. I know this since I’ve tried uploading a driver with one of the old signatures in the past (had some mix-ups with our CA). Here is what I see (with PII taken out):

Name      Thumbprint                           Type      Expiration date        Status
COMPANYX  ABCDEFGHIJKLMNOPQRSTUVQXYZ123456890  EV        10/9/2018 5:00:00 AM   Active
COMPANYX                                       EV        10/9/2018 5:00:00 AM   Active
COMPANYX                                       EV        10/9/2018 5:00:00 AM   Active
COMPANYX                                       CodeSign  1/9/2014 3:59:59 PM    Expired

Thought it might be interesting to see at the very least. Thanks for all the discussion I appreciate all the insight.

> My understanding is the EV system was produced to require a person
> to physically type in the password to quite literally sign off on
> the driver as being their own. In my opinion any way around that
> is subverting the security and intention behind the system.

Needing to enter a password is a dongle thing, not an EV thing.

EV certs can be installed on an HSM, and HSMs can be used with saved
credentials (e.g. no need to enter a password every time – fully automated).
Unfortunately, HSMs are outrageously expensive.

http://www.osronline.com/showThread.cfm?link=278314#T10

P.S. IMHO, “the EV system” was produced to increase the profits of
certificate authorities and provide security theater for users.

Mark Roddy wrote:

I think I have to go buy a second non-ev sha2 cert for (2)…

That’s what I did. My Digicert EV dongle certainly requires manual
intervention.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

PScott wrote:

> Launch the SafeNet app and click on the settings icon. In the settings
> page, select the “Client Settings” and then ‘Advanced’. Check the
> ‘Enable single logon’ option.

Agreed. Ours is also DigiCert, and “that one initial prompt for
password” which never recurs thereafter for the life of the Windows
logon session is what’s being automated by the AutoIt script.

i.e. The password will only be prompted for once, but the AutoIt
script is what handles even that single prompt. So that the signing
server is fully automated and ready for use even after being rebooted.

Alan Adams
Client for Open Enterprise Server
Micro Focus
xxxxx@microfocus.com

> No what has me confused is
>
>   1. that anyone thinks the dongle-thing doesn’t require manual
>     intervention every time you try to sign something; and that
>   2. somehow a non-ev cert magically appears from an ev cert and that
>     this non-ev cert can be used as in the past by installing it on a secure
>     build system and having the secure build system automatically release sign
>     things without humans having to type shit in.
>
> I think I have to go buy a second non-ev sha2 cert for (2)…

Mark, I believe your understanding matches ours and as a result we have both
an EV certificate to register with the portal and a separately-purchased
non-EV certificate that we sign with to avoid the automation-killing
password request. Both certificates are registered on the portal.

(Now if they’d just support automation for the upload/download of
the drivers for signing we’d be all the way there…).

That said, it sounds like people might be having problems with getting
multiple certs registered. Ours were all registered under the old
“sysdev” site rather than the new “developer” site, so ours might
have been “grandfathered in”. If they broke registering multiple certs
on the new site I hope they fix it before we need to buy new certs.

Eric Berge

Everyone! Thanks for the great information and discussion.

I’ve been attending to a wildfire all day here. When I find time I’ll give some of these suggestions a shot and report back.