Verify if a dll is in a catalog file that is signed with a certificate that has a certificate chain with root certificate coming from a certificate authority (CA)

Ram Keerthi 1 Reputation point
2022-08-24T12:47:56.007+00:00

Hi

I am a beginner with this type of requirement.

I have created a catalog file (.cat) for a list of DLLs using the command below:
New-FileCatalog -Path D:\caltlog -CatalogFilePath D:\caltlog\Infrastracture.cat -CatalogVersion 2.0

and signed that catalog file (Infrastracture.cat) with a certificate.

Could anyone suggest the steps involved in verifying, using C++ code, that the DLL is in the Infrastracture.cat file signed with the certificate?

I have the following doubts:

How do I install the CAT file?

For the C++ code, I went with the snippet (https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Security/CodeSigning/cpp/codesigning.cpp) but got a null value for CatInfoHandle from the function call below:
CatInfoHandle = CryptCATAdminEnumCatalogFromHash(
CatAdminHandle,
HashData,
HashLength,
0,
&CatInfoHandle);


Thanks and Regards,
Ramanji K

Windows development | Windows API - Win32
Windows for business | Windows Server | User experience | Other

2 answers

  1. Limitless Technology 39,931 Reputation points
    2022-08-26T08:44:04.24+00:00

    Hello there,

    To verify that a driver package's catalog file was signed by a valid test certificate, use the following SignTool command:

    SignTool verify /v /pa CatalogFileName.cat

    To verify that a file, listed in a driver package's catalog file, is signed by a test certificate, use the following SignTool command:

    SignTool verify /v /pa /c CatalogFileName.cat DriverFileName

    More details here. Verifying the Signature of a Test-Signed Catalog File https://learn.microsoft.com/en-us/windows-hardware/drivers/install/verifying-the-signature-of-a-test-signed-catalog-file

    Using SignTool to Verify a File Signature https://learn.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature

    -------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–


  2. Xiaopo Yang - MSFT 12,731 Reputation points Microsoft External Staff
    2022-08-29T03:27:55.44+00:00

    According to Installing a Catalog File by using CryptCATAdminAddCatalog, an installation program can use the CryptCATAdminAddCatalog and other CryptCATAdminXxx cryptography functions to programmatically install a catalog file in the system component and driver database.
    And I'm looking into verifying that a file listed in a catalog file is signed by a certificate. But SignTool can do it.
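
The checks discussed in this thread (the catalog is signed by a certificate whose chain ends in a trusted root, and the DLL's hash is listed in that catalog), as an added PowerShell example that is not part of the question or of either answer. The function name Test-DllInSignedCatalog and the DLL file name in the usage line are assumptions; the catalog path is the one from the question.

```powershell
# Added example, not from the thread. Test-DllInSignedCatalog is a hypothetical helper name.
function Test-DllInSignedCatalog {
    param(
        [Parameter(Mandatory)] [string] $CatalogPath,
        [Parameter(Mandatory)] [string] $DllPath
    )

    # 1. Authenticode signature on the .cat file itself. 'Valid' means the
    #    signature verifies and the signer chains to a root this machine trusts.
    $sig    = Get-AuthenticodeSignature -FilePath $CatalogPath
    $signer = $sig.SignerCertificate

    # 2. Rebuild the chain to report which root it ends in and whether that
    #    root is self-issued and present in a Trusted Root store.
    $chainOk = $false; $root = $null; $rootInStore = $false
    if ($signer) {
        $chain   = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chainOk = $chain.Build($signer)
        $root    = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $rootInStore = ($root.Subject -eq $root.Issuer) -and (
            (Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)") -or
            (Test-Path "Cert:\CurrentUser\Root\$($root.Thumbprint)"))
    }

    # 3. Let Test-FileCatalog hash the DLL the same way the catalog entries were
    #    hashed, then look that hash up among the catalog's entries. Matching on
    #    the hash value avoids depending on how relative paths are keyed, and
    #    the overall Status is ignored because only one file is being checked.
    $info    = Test-FileCatalog -CatalogFilePath $CatalogPath -Path $DllPath -Detailed
    $dllHash = @($info.PathItems.Values)[0]
    $listed  = [bool]$dllHash -and (@($info.CatalogItems.Values) -contains $dllHash)

    [pscustomobject]@{
        SignatureStatus    = $sig.Status
        Signer             = $signer.Subject
        ChainBuilds        = $chainOk
        Root               = $root.Subject
        RootInTrustedStore = $rootInStore
        HashAlgorithm      = $info.HashAlgorithm
        DllListed          = $listed
        Pass               = ($sig.Status -eq 'Valid') -and $chainOk -and $rootInStore -and $listed
    }
}

# Catalog path from the question; Example.dll is a placeholder file name.
Test-DllInSignedCatalog -CatalogPath D:\caltlog\Infrastracture.cat -DllPath D:\caltlog\Example.dll
```

A result with DllListed true but SignatureStatus other than Valid means the hash matches a catalog that should not be trusted, so treat Pass as the only acceptance condition.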

