Hello,
I am trying to sign a kernel mode driver with two signatures, sha1 for Win7 and sha256 for Win8. The first signature is OK, the driver is installable and loadable by Win7x64, but the second signature is incomplete. In Properties->Digital Sign both lines are visible: the first has digest algorithm sha1, the second has sha256. The first is valid, but the second shows the error: "No signature was present in the subject".
The command "signtool.exe verify /ds 0 /v /kp filename.cat" outputs three chains: Signing Certificate Chain, Timestamp verified chain and Cross-certificate chain, but
the command "signtool.exe verify /ds 1 /v /kp filename.cat" outputs only two chains: Signing Certificate Chain and Timestamp verified chain, and outputs the error "No signature found".
When I add only one signature, sha256, it is valid and usable with Win8. Only in the case when I try to add both is the second incomplete.
I use these commands:
signtool.exe sign /debug /v /ac "..\cross-certificate.crt" /sha1 signercertificatehash /fd sha1 /t http://timestamp.comodoca.com/authenticode /d "ServiceName" filename.cat
signtool.exe sign /debug /v /ac "..\cross-certificate.crt" /sha1 signercertificatehash /fd sha256 /as /tr http://timestamp.comodoca.com/rfc3161 /td sha256 /d "ServiceName" filename.cat
How can I add a valid second sha256 signature?
Peter