remaking cat files for windows hotfixes

[mraeryceos]

Quote from this post:

"I've extracted a Windows hotfix (doesn't matter which one). The extraction contains a .cat file.

I'm trying to recreate the .cat file they made to see if it can be reproduced. Thus I rename the original

to something else. I also got the "makecat" and "signtool" from win2k3_r2_SDK software. (I had to

install about 1 gig of software just to get these two files that are around 50k combined and then delete

the SDK).

Here are the steps that I did.

1). created my own ".cdf" file which includes the files I think they included. In my case two, the

".inf" and ".ver" filenames that got extracted with the relative dir path as ".\". I didn't specify

any of the optional things in the ".cdf".

2). Although I used my own tag names, it looks like the long hexidecimal number in the orginal

.cat file after opening it, may be the md5 number of the file entered as the tag name in the ".cdf".

3). So far each tag/file seems to get a thumbprint and thumbprint algorithm that matches the original.

4). Next to sign it, I go to the "general" tab for the security catalog that I opened and select view signature.

I then select under this "general" tab "view certifcate" which displays the "Windows Component publisher"

certificate. And on this screen, I select "install certificate" which runs a wizard and I let it select the

certificate store to use.

I then go to the internet browser options selection, content tab and search around the various certificate stores

for the one that matches mine and the expire date code. I then export it to a ".cer" file using either x.509

or the "DER"(?) one and name the file ".cer".

I then run the "signtool signwizard /v" option and open the ".cer" file that contains the certificate I recently

created.

However, it then wants a "private key" which I don't have. Is there anyway around this so that I can

sign the ".cat" file I'm using with the certificate MSoft used to create theirs?

If I should get this working. I will open the ".cat" file and compare all the data to the original one to know if

I reproduced theirs. So in the end, the digital signatures/keys should be an exact match to the original.

Upon doing all this, I can modify the inf files and and repeat the process to create a .cat file to create my

own customized MSoft certified hotfix. "

--

So, I would like the same thing. To make a microsoft signed "component"

[Guest]

Put simply, you are not Microsoft so you cannot sign packages as "Microsoft". They will not give out their private key.

For more information see the Wikipedia articles for Digital signature and Public-key cryptography.

Edited September 11, 2011 by 5eraph