Andreas, Thanks for confirming. Indeed the CRL URL would be of importance. Testing signtool on a signed driver catalog file should reveal more detail how it works, then use Process Monitor and Network Monitor to see files that are opened and calls going on. SignTool is in SDK, and would require Visual Studio to build.
Thanks, Edgar -----Original Message----- From: Andreas Schneider [mailto:[email protected]] Sent: Thursday, November 24, 2016 7:16 AM To: Edgar Olougouna <[email protected]> Cc: [email protected]; MSSolve Case Email <[email protected]> Subject: Re: [REG:116102514847681]: [MS-PAR] Q 1/2 3.1.4.2.7 RpcAsyncInstallPrinterDriverFromPackage; performing additional validation steps On Tuesday, 22 November 2016 06:30:20 CET Edgar Olougouna wrote: > Andreas, > The drivers are generally signed through Windows Hardware Dev Center > Dashboard. This is normally achieved through WHQL program. From my > understanding, in Windows, print driver certificate verification is > done through some generic setup API call. At the moment, I am planning > to explore SignTool and see what calls it makes. > > For the other question, I don't think there is a specific MS-PAR call > that creates the cabinet file in the PCC directory. > > Using SignTool to Verify a File Signature > https://msdn.microsoft.com/en-us/library/windows/desktop/aa388171(v=vs > .85).a > spx > > SignTool > https://msdn.microsoft.com/en-us/library/windows/desktop/aa387764(v=vs > .85).a > spx Edgar, I finally found out how this is working. The Catalog file includes all intermediate certificates. You just need one of the Microsoft Root Certificate to verify the chain. The one I was looking for was included and it had the URL where you can find it online too: http://www.microsoft.com/pki/CRL/products/Microsoft%20Windows%20Hardware %20Compatibility%20PCA(1).crl This issue is solved now. Thanks for your help. Andreas -- Andreas Schneider GPG-ID: CC014E3D Samba Team [email protected] www.samba.org _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
