Bewerken

Delen via


Catalog files and digital signatures

A digitally signed catalog file (.cat) can be used as a digital signature for an arbitrary collection of files. A catalog file contains a collection of cryptographic hashes, or thumbprints. Each thumbprint corresponds to a file that is included in the collection.

Plug and Play (PnP) device installation recognizes the signed catalog file of a driver package as the digital signature for the driver package. Each thumbprint in the catalog file corresponds to a file that the driver package installs. Regardless of the intended operating system, cryptographic technology is used to digitally sign the catalog file.

PnP device installation considers the digital signature of a driver package to be invalid if any file in the driver package is altered after the driver package was signed. Such files include the INF file, the catalog file, and all files that are copied by INF CopyFiles directives. For example, even a single-byte change to correct a misspelling invalidates the digital signature. If the digital signature is invalid, you must either resubmit the driver package to the Windows Hardware Dev Center for a new signature, or generate a new Authenticode signature for the driver package.

Similarly, changes to a device's hardware or firmware require a revised device ID value so that the system can detect the updated device and install the correct driver. Because the revised device ID value must appear in the INF file, you must either resubmit the package to the Windows Hardware Dev Center for a new signature or generate a new Authenticode signature for the driver package. You must get a new device ID even if the driver binaries don't change.

The CatalogFile directive in the INF Version section of the driver's INF file specifies the name of the catalog file for the driver package. During driver installation, the operating system uses the CatalogFile directive to identify and validate the catalog file. The system installs the catalog file to the CatRoot directory under the system directory returned by GetSystemDirectory, for example, %SystemRoot%\System32\CatRoot. Catalog files shouldn't be added to or removed from that directory manually. For driver packages, the catalog file is automatically installed to the CatRoot when the driver package is staged to the Driver Store. The catalog file is automatically uninstalled from the CatRoot when the driver package is removed from the Driver Store. If you need to install a catalog file to the CatRoot for reasons outside of a driver package, see Installing a Catalog File by using SignTool and Installing a Catalog File by using CryptCATAdminAddCatalog.

Guidelines for catalog files

Starting with Windows 2000, if the driver package installs the same binaries on all versions of Windows, the INF file can contain a single, undecorated CatalogFile directive. However, if the package installs different binaries for different versions of Windows, the INF file should contain decorated CatalogFile directives. For more information about the CatalogFile directive, see INF Version Section.

If you have more than one driver package, you should create a separate catalog file for each driver package and give each catalog file a unique file name. Two unrelated driver packages can't share a single catalog file. However, a single driver package that serves multiple devices requires only one catalog file.