Verify if a dll is in a catalog file that is signed with a certificate that has a certificate chain with root certificate coming from a certificate authority (CA)

Ram Keerthi 1 Reputation point
2022-08-24T12:47:56.007+00:00

Hi

I am a beginner with this type of requirement.

I have created a catalog file (.cat) for a list of DLLs using the command below:
New-FileCatalog -Path D:\caltlog -CatalogFilePath D:\caltlog\Infrastracture.cat -CatalogVersion 2.0

and signed that catalog file (Infrastracture.cat) with a certificate.

Could anyone help to suggest the steps involved in verifying that the DLL is in the Infrastracture.cat file signed with a certificate, using C++ code?

I have the doubts below:

How do I install the CAT file?

For the C++ code I went with this snippet (https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Security/CodeSigning/cpp/codesigning.cpp) but got a null value for CatInfoHandle from the function call below:
CatInfoHandle = CryptCATAdminEnumCatalogFromHash(
    CatAdminHandle,
    HashData,
    HashLength,
    0,
    &CatInfoHandle);


Thanks and Regards,
Ramanji K


2 answers

  1. Limitless Technology 39,341 Reputation points
    2022-08-26T08:44:04.24+00:00

    Hello there,

    To verify that a driver package's catalog file was signed by a valid test certificate, use the following SignTool command:

    SignTool verify /v /pa CatalogFileName.cat

    To verify that a file, listed in a driver package's catalog file, is signed by a test certificate, use the following SignTool command:

    SignTool verify /v /pa /c CatalogFileName.cat DriverFileName

    More details here. Verifying the Signature of a Test-Signed Catalog File https://learn.microsoft.com/en-us/windows-hardware/drivers/install/verifying-the-signature-of-a-test-signed-catalog-file

    Using SignTool to Verify a File Signature https://learn.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature


  2. Xiaopo Yang - MSFT 11,336 Reputation points Microsoft Vendor
    2022-08-29T03:27:55.44+00:00

    According to Installing a Catalog File by using CryptCATAdminAddCatalog, an installation program can use the CryptCATAdminAddCatalog and other CryptCATAdminXxx cryptography functions to programmatically install a catalog file in the system component and driver database.
    And I'm looking into verifying that a file listed in a catalog file is signed by a certificate. But SignTool can do it.
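
The same checks as the SignTool commands above, run in PowerShell against the catalog file itself, so the catalog does not have to be installed in the system catalog database. This is an added example, not code from any poster or from the linked Microsoft sample; the paths are the ones in the question, `Example.dll` is a hypothetical file name, and the catalog keys are assumed to be paths relative to the catalogued folder.

```powershell
param(
    [string]$CatalogPath = 'D:\caltlog\Infrastracture.cat',  # path from the question
    [string]$FolderPath  = 'D:\caltlog',                      # folder that was catalogued
    [string]$DllRelative = 'Example.dll'                      # hypothetical DLL name
)

# 1. Is the DLL listed in the catalog, and does the file on disk still match?
#    -Detailed returns the hashes stored in the catalog (CatalogItems) and the
#    hashes recomputed from disk (PathItems).
$info = Test-FileCatalog -CatalogFilePath $CatalogPath -Path $FolderPath -Detailed
$inCatalog = $info.CatalogItems.GetEnumerator() | Where-Object { $_.Key -eq $DllRelative }
$onDisk    = $info.PathItems.GetEnumerator()    | Where-Object { $_.Key -eq $DllRelative }
if (-not $inCatalog) { throw "$DllRelative is not listed in $CatalogPath" }
if (-not $onDisk -or $inCatalog.Value -ne $onDisk.Value) {
    throw "$DllRelative on disk does not match the hash stored in the catalog"
}

# 2. Is the catalog file itself signed, and does the signature verify?
$sig = Get-AuthenticodeSignature -FilePath $CatalogPath
if ($sig.Status -ne 'Valid') {
    throw "Catalog signature is not valid: $($sig.Status) - $($sig.StatusMessage)"
}

# 3. Build the signer's certificate chain and look at the root it ends in.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'   # also check revocation
if (-not $chain.Build($sig.SignerCertificate)) {
    $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    throw "Certificate chain did not validate: $reasons"
}
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$rootInMachineStore = Test-Path -LiteralPath "Cert:\LocalMachine\Root\$($root.Thumbprint)"

# Summary object for logging or further checks.
[pscustomobject]@{
    File                    = $DllRelative
    CatalogHash             = $inCatalog.Value
    HashAlgorithm           = $info.HashAlgorithm
    FolderStatus            = $info.Status          # whole-folder comparison result
    Signer                  = $sig.SignerCertificate.Subject
    ChainLength             = $chain.ChainElements.Count
    Root                    = $root.Subject
    RootInLocalMachineStore = $rootInMachineStore
}
```

A self-signed test certificate gives a chain of length 1 whose root is the signer itself, so to require a CA-issued certificate also check `ChainLength` and compare `Root` against the CA you expect.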