According to Installing a Catalog File by using CryptCATAdminAddCatalog, an installation program can use the CryptCATAdminAddCatalog and other CryptCATAdminXxx cryptography functions to programmatically install a catalog file in the system component and driver database.
And I'm looking into verifying that a file, listed in a catalog file, is signed by a certificate. But SignTool can do it.
Verify if a dll is in a catalog file that is signed with a certificate that has a certificate chain with root certificate coming from a certificate authority (CA)
Hi
I am a beginner with this type of requirement.
I have created a catalog file (.cat) for a list of DLLs using the command below
New-FileCatalog -Path D:\caltlog -CatalogFilePath D:\caltlog\Infrastracture.cat -CatalogVersion 2.0
and had that catalog file (Infrastracture.cat) signed with a certificate.
Could anyone suggest the steps involved in verifying that the DLL is in the Infrastracture.cat file signed with the certificate, using C++ code?
I have the doubts below:
How do I install the CAT file?
For the C++ code I went with the snippet (https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Security/CodeSigning/cpp/codesigning.cpp) but got a null value for CatInfoHandle from the function call below
CatInfoHandle = CryptCATAdminEnumCatalogFromHash(
    CatAdminHandle,
    HashData,
    HashLength,
    0,
    &CatInfoHandle);
Thanks and Regards,
Ramanji K
Xiaopo Yang - MSFT 12,736 Reputation points Microsoft External Staff 2022-08-29T03:27:55.44+00:00
Limitless Technology 40,101 Reputation points 2022-08-26T08:44:04.24+00:00
Hello there,
To verify that a driver package's catalog file was signed by a valid test certificate, use the following SignTool command:
SignTool verify /v /pa CatalogFileName.cat
To verify that a file, listed in a driver package's catalog file, is signed by a test certificate, use the following SignTool command:
SignTool verify /v /pa /c CatalogFileName.cat DriverFileName
More details here:
Verifying the Signature of a Test-Signed Catalog File https://learn.microsoft.com/en-us/windows-hardware/drivers/install/verifying-the-signature-of-a-test-signed-catalog-file
Using SignTool to Verify a File Signature https://learn.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature
-------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–
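An added PowerShell example (not part of either answer or of Microsoft's sample) that makes checks comparable to the two SignTool commands above, using the Get-AuthenticodeSignature and Test-FileCatalog cmdlets. The function name Test-DllInSignedCatalog, its parameter names and Example.dll are hypothetical, and it assumes the DLL sits under the folder the catalog was created from with New-FileCatalog.

```powershell
# Added example: function, parameter names and Example.dll are hypothetical.
function Test-DllInSignedCatalog {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $CatalogFilePath,  # e.g. D:\caltlog\Infrastracture.cat
        [Parameter(Mandatory)] [string] $FolderPath,       # folder the catalog was built from
        [Parameter(Mandatory)] [string] $RelativeDllPath   # DLL path relative to $FolderPath
    )

    # 1. The catalog itself must carry a valid Authenticode signature.
    $sig    = Get-AuthenticodeSignature -FilePath $CatalogFilePath
    $signer = $sig.SignerCertificate

    # 2. Build the signer's chain with the default policy; the last chain
    #    element is the root the signature ultimately depends on.
    $chainOk = $false
    $root    = $null
    if ($signer) {
        $chain   = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chainOk = $chain.Build($signer)
        if ($chain.ChainElements.Count -gt 0) {
            $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        }
    }

    # 3. -Detailed returns the hashes recorded in the catalog (CatalogItems)
    #    and the hashes computed from disk (PathItems), keyed by relative path.
    $info   = Test-FileCatalog -CatalogFilePath $CatalogFilePath -Path $FolderPath -Detailed
    $listed = [bool]($info.CatalogItems -and $info.CatalogItems.ContainsKey($RelativeDllPath))
    $onDisk = [bool]($info.PathItems -and $info.PathItems.ContainsKey($RelativeDllPath))
    $match  = $listed -and $onDisk -and
              ($info.CatalogItems[$RelativeDllPath] -eq $info.PathItems[$RelativeDllPath])

    [pscustomobject]@{
        CatalogSignatureStatus = $sig.Status          # 'Valid' when the signature verifies
        SignerSubject          = $signer.Subject
        ChainBuilt             = $chainOk             # chain validated to a trusted root
        RootSubject            = $root.Subject
        RootThumbprint         = $root.Thumbprint
        DllListedInCatalog     = $listed
        DllHashMatches         = $match               # file on disk equals the catalogued hash
        Verified               = ($sig.Status -eq 'Valid') -and $chainOk -and $match
    }
}

# Usage with the paths from the question (Example.dll is a placeholder):
# Test-DllInSignedCatalog -CatalogFilePath D:\caltlog\Infrastracture.cat `
#     -FolderPath D:\caltlog -RelativeDllPath Example.dll
```

The per-file comparison is used instead of the overall Test-FileCatalog status so that unrelated files added to or removed from the folder do not affect the result for the one DLL being checked.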