mraeryceos Posted September 10, 2011 Share Posted September 10, 2011 Quote from this post: "I've extracted a Windows hotfix (doesn't matter which one). The extraction contains a .cat file.I'm trying to recreate the .cat file they made to see if it can be reproduced. Thus I rename the originalto something else. I also got the "makecat" and "signtool" from win2k3_r2_SDK software. (I had toinstall about 1 gig of software just to get these two files that are around 50k combined and then deletethe SDK).Here are the steps that I did.1). created my own ".cdf" file which includes the files I think they included. In my case two, the".inf" and ".ver" filenames that got extracted with the relative dir path as ".\". I didn't specifyany of the optional things in the ".cdf".2). Although I used my own tag names, it looks like the long hexidecimal number in the orginal.cat file after opening it, may be the md5 number of the file entered as the tag name in the ".cdf".3). So far each tag/file seems to get a thumbprint and thumbprint algorithm that matches the original.4). Next to sign it, I go to the "general" tab for the security catalog that I opened and select view signature.I then select under this "general" tab "view certifcate" which displays the "Windows Component publisher"certificate. And on this screen, I select "install certificate" which runs a wizard and I let it select thecertificate store to use.I then go to the internet browser options selection, content tab and search around the various certificate storesfor the one that matches mine and the expire date code. I then export it to a ".cer" file using either x.509or the "DER"(?) one and name the file ".cer".I then run the "signtool signwizard /v" option and open the ".cer" file that contains the certificate I recentlycreated.However, it then wants a "private key" which I don't have. Is there anyway around this so that I cansign the ".cat" file I'm using with the certificate MSoft used to create theirs?If I should get this working. I will open the ".cat" file and compare all the data to the original one to know ifI reproduced theirs. So in the end, the digital signatures/keys should be an exact match to the original.Upon doing all this, I can modify the inf files and and repeat the process to create a .cat file to create myown customized MSoft certified hotfix. "--So, I would like the same thing. To make a microsoft signed "component" Link to comment Share on other sites More sharing options...
Guest Posted September 11, 2011 Share Posted September 11, 2011 (edited) Put simply, you are not Microsoft so you cannot sign packages as "Microsoft". They will not give out their private key.For more information see the Wikipedia articles for Digital signature and Public-key cryptography. Edited September 11, 2011 by 5eraph Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now