locked
[HCK Win8400]How to sign the HCK package? RRS feed

  • Question

  • When i click on create package, the HCK prompt 3 options for me :

    1.Don't sign

    2.Use the certificate store

    3.Use a certificate file

    If i choose 2, it will prompt the windows sercurity dialog but no certificate available.

    And if choose 3, where can i get the correct certificate file?

    anyone has  the same issue?

    Tuesday, June 12, 2012 7:35 AM

Answers

  • On WHCK Studio machine, use certutil.exe to import the .pfx to Personal Certificate Store, and then sign the package with the option of "use certifciate store".

    certutil –user –p password –importPFX PFXFile

    That works.


    • Proposed as answer by Fred ZH Thursday, June 14, 2012 6:24 AM
    • Edited by Fred ZH Thursday, June 14, 2012 6:24 AM
    • Marked as answer by peng ge Thursday, June 14, 2012 6:34 AM
    Thursday, June 14, 2012 6:21 AM
  • Hi, i see that pvk2pfx.exe(in SDK folder\bin\X86) can gernetare a pfx file. This may help you. I'm also trying this.

    http://msdn.microsoft.com/zh-cn/library/ff552299(v=vs.85).aspx


    Wednesday, June 13, 2012 11:19 AM
  • The WDK provides the tools you need, such as certmgr, as well as signtool which is used to apply the certificate. It also has the tools to create catalog files and convert them to and from the various file types needed. Again, that is documented in both the Verisign documents and the the KMCS documents in the WDK. The certificate itself needs to be installed in both Trusted Root Certification ... and Trusted Publishers.

    Gary G. Little NanoTelesis Systems, LLC

    Tuesday, June 12, 2012 1:12 PM
  • Thanks Bear,

    I just have got the same answer from HCK support.  And it works.

    • Proposed as answer by Fred ZH Thursday, June 14, 2012 8:39 AM
    • Marked as answer by peng ge Thursday, June 14, 2012 9:12 AM
    Thursday, June 14, 2012 6:34 AM

All replies

  • Hi,

    I have the same issue; it seems related to certificate format, I have to use Verisign spc/pvk files but this tool expects a .cer or .pfx...

    If anyone knows how to convert or if there is a natural way to sign from HCK tool, please let us know.

    Thanks.

    Tuesday, June 12, 2012 7:49 AM
  • Verisign should have a readme or other documentation. Have you read it? You will also find documentation in the WDK. Have you read that? Either or both provides step by step procedures on how to create, or what files needed.

    Gary G. Little NanoTelesis Systems, LLC

    Tuesday, June 12, 2012 12:25 PM
  • Hi Gary,

    if you are refering to the document available at this address Hardware Certfication Step by step guide, to me it is helpless as I still don't know how to use the Verisign certificate:

    I installed the Verisign certificate in the "Trusted Root Certifcate Authorities" store but it does not show up using "Use the certificate store".

    HCK Users guide has no useful information on this as well.

    Would you please provide us some useful link?

    Thanks

    
    
    Tuesday, June 12, 2012 12:52 PM
  • The WDK provides the tools you need, such as certmgr, as well as signtool which is used to apply the certificate. It also has the tools to create catalog files and convert them to and from the various file types needed. Again, that is documented in both the Verisign documents and the the KMCS documents in the WDK. The certificate itself needs to be installed in both Trusted Root Certification ... and Trusted Publishers.

    Gary G. Little NanoTelesis Systems, LLC

    Tuesday, June 12, 2012 1:12 PM
  • Hi Gary,

    I have installed the HCK, not the WDK but I guess these documents are there also?

    I searched for the KMCS documents in the HCK but wasn't able to find them under program files\Windows Kit\8.0.

    BTW, it would be nice to have this documentation available (a link would be OK) in the HCK user's guide.

    Thanks

    Tuesday, June 12, 2012 1:45 PM
  • Do a general search for "kernel mode code signing" in the new development libraries. If not there, then get the Win 7 WDK where that documentation is found. This is rather critical to the the delivery of 64 bit systems so if it's not there now I would think that it soon should be.

    Unfortunately, I'm head over heels in porting a diagnostic tool for HHD/SSD to Apple Mac OS X and have not downloaded the Win 8 development tools.


    Gary G. Little NanoTelesis Systems, LLC

    Tuesday, June 12, 2012 2:22 PM
  • Ok,

    thanks Gary

    Tuesday, June 12, 2012 3:30 PM
  • Hi, i see that pvk2pfx.exe(in SDK folder\bin\X86) can gernetare a pfx file. This may help you. I'm also trying this.

    http://msdn.microsoft.com/zh-cn/library/ff552299(v=vs.85).aspx


    Wednesday, June 13, 2012 11:19 AM
  • Hi Peng,

    pvk2pfx worked fine. Now I'm able to sign the package using "use certificate file".

    Thanks

    Wednesday, June 13, 2012 12:16 PM
  • Hi Str

    Thanks for your reply. I think i can also get it work tomorrow.


    • Edited by peng ge Wednesday, June 13, 2012 1:13 PM
    Wednesday, June 13, 2012 1:13 PM
  • Hi Str,

    I still can't sign the package successfully use the pfx file.

    My pfx has password but it don't let me input the password.

    Does your pfx have a password?

    Thursday, June 14, 2012 1:20 AM
  • On WHCK Studio machine, use certutil.exe to import the .pfx to Personal Certificate Store, and then sign the package with the option of "use certifciate store".

    certutil –user –p password –importPFX PFXFile

    That works.


    • Proposed as answer by Fred ZH Thursday, June 14, 2012 6:24 AM
    • Edited by Fred ZH Thursday, June 14, 2012 6:24 AM
    • Marked as answer by peng ge Thursday, June 14, 2012 6:34 AM
    Thursday, June 14, 2012 6:21 AM
  • Thanks Bear,

    I just have got the same answer from HCK support.  And it works.

    • Proposed as answer by Fred ZH Thursday, June 14, 2012 8:39 AM
    • Marked as answer by peng ge Thursday, June 14, 2012 9:12 AM
    Thursday, June 14, 2012 6:34 AM
  • Thanks Bear,

    I just have got the same answer from HCK support.  And it works.

    Yes, that is me :-)

    Thanks for contacting Microsoft Support.

    Thursday, June 14, 2012 8:40 AM
  • Can you share what error occurred. If the error is generic, please include appropriate error message(s) for the Windows event log - "HCK - Hardware Certification Kit"

    John -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, August 15, 2012 5:26 PM
  • Hi...I also have the same issue but some different.

    I buy a verisign was linked with MS in June. 

    I have two kinds of certificates. 

     1)  Certificate generated to the link below --> "products.verisign.com". CER or P7B type

        "https://products.websecurity.symantec.com/orders/enrollment/CSRGen.do"

      2) E-mail sent to the code 

        " -----BEGIN CERTIFICATE----- ..........-----End CERTIFICATE-----"

       : copy notepad -> change file name txt -> Cer : CER or Pkc type

    → Both certificates were installed at MMC 

    Select "Use a certificate File" at HCK, and Apply each certificate. Both the error occurred.

    Please Help me. How can I solve the issue?

    Thursday, August 16, 2012 1:40 AM
  • Thanks your reply.

    Error Massage : Unable to use the selected certificate to sign the package

    HCK-Event Log : Could not create submission package - Cannot locate the selected digital certificate

                              Could not create submission package - Signing key is not loaded




    • Edited by SW.S Thursday, August 16, 2012 5:47 AM
    Thursday, August 16, 2012 2:29 AM
  • I was just solve the problem.

    Cause of my problem, I did not know exactly how to install the certificate. 

    Reference..."Get a Verisign Certificate"  

       : http://msdn.microsoft.com/en-us/library/windows/desktop/hh801887.aspx

       Retrieving a Certificate

         4.The code signing certificate is now installed on your computer.

       Next Step.  

          5.  In Internet Explorer, click Tools > Internet Options > Content tab

            Click Certificates > the Personal tab > See the Verisign certificate

         6. Click the certificates > Export > Certificate export wizard > install PFX file

         7. HCK > Create package > "use a certificate store" > I can see the certificate > Click "Ok" > Success

    Thank you... everyone

     

       

    • Edited by SW.S Thursday, August 16, 2012 5:46 AM
    Thursday, August 16, 2012 5:34 AM
  • Does anyone know how to solve this?

    Thank you.


    Link to the answer's thread
    • Edited by sekihdn Friday, September 7, 2012 12:29 AM
    Wednesday, September 5, 2012 12:09 AM