dotnet / sign

Code Signing CLI tool supporting Authenticode, NuGet, VSIX, and ClickOnce
MIT License

sign .hlkx file #422

Open bill-dtex opened 2 years ago

bill-dtex commented 2 years ago

Hello,

Need help with signing a Windows HLK submission. The HLK will create an .hlkx package file that I can sign using signtool. But AzureSignTool is returning this error: "The file cannot be signed because it is not a recognized file type for signing or it is corrupt."

clairernovotny commented 2 years ago

Are there example files that we can use? At first glance it looks like an OPC file, so we may already have the code for that but I don't know how to create or validate those files.

https://docs.microsoft.com/en-us/windows-hardware/test/hlk/user/hlk-signing-with-an-hsm#code-samples

/cc @vcsjones

bill-dtex commented 2 years ago

Claire,

I am working to provide an hlkx file produced with a sample driver. As to validation, I only know of looking at the file properties, Digital Signatures tab.

Thanks, Bill


bill-dtex commented 2 years ago

Claire,

Attached is a sample hlkx file for signing. As to validation, I only know of looking at the file properties, Digital Signatures tab.

Thanks, Bill


bill-dtex commented 2 years ago

The signing is successful if the .hlkx file is renamed to .psm1 !!!

-Bill


clairernovotny commented 2 years ago

Attachments don't seem to be coming through the email reply mechanism. Can you please post it to this issue?

bill-dtex commented 2 years ago

Hello Claire,

My organization policy does not allow posting to a public forum. Is there a way to upload the file to you directly?

Is there a beta release of AzureSignTool that accepts the .hlkx file extension? I can test this.

The hlkx file indeed looks to be an OPC file. When signed, the signature can be verified by renaming it to a .zip and looking into \package\services\digital-signature

-Bill


clairernovotny commented 2 years ago

Is there a test file that you can upload that doesn't contain anything proprietary? That would be very helpful. Otherwise you can email me at first dot last at microsoft dot com with a link to the file (attachments sometimes get eaten).

AzureSignTool doesn't do OPC but OpenOpcSignTool does. I'm not sure if it checks extensions though: https://github.com/vcsjones/OpenOpcSignTool

type4ranjan commented 2 years ago

@bill-dtex After renaming to psm1 and signing with azuresigntool, were you able to submit the signed hlkx file to microsoft hardware submission portal?

bill-dtex commented 2 years ago

No, the signature did not work for submission to the Microsoft Hardware Submission Portal.

A simple verification is to rename it back to .hlkx and use file explorer to look at the file properties, digital signatures tab.

According to this article, HLK Signing with an HSM (https://docs.microsoft.com/en-us/windows-hardware/test/hlk/user/hlk-signing-with-an-hsm), it requires signing via the PackageDigitalSignatureManager APIs. It would be good if this capability were added to SignService.

In the end, we had to abandon using the Azure Key Vault for the submission. For now, we are using the old HLK SDK PackageManager APIs with our Authenticode certificate (loaded into the Windows Certificate Store).

-Bill

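Bill's check above (rename the .hlkx to .zip and look for \package\services\digital-signature) and the PackageDigitalSignatureManager requirement, written out as a script that classifies a package blob. This is an added example, not code from the issue or from dotnet/sign; the OPC part names follow the standard origin.psdsor / xml-signature/*.psdsxs layout, the sample packages are constructed in memory, and the assumption that Authenticode-signing a renamed .psm1 appends a "# SIG # Begin signature block" comment trailer instead of OPC signature parts is mine, offered as the likely reason the renamed file signs but fails submission.

```python
import io
import uuid
import zipfile

# OPC part names used by package digital signatures (ECMA-376 part 2 conventions).
CONTENT_TYPES = "[Content_Types].xml"
SIG_DIR = "package/services/digital-signature/"
ORIGIN_PART = SIG_DIR + "origin.psdsor"
SIG_SUFFIX = ".psdsxs"
# Trailer Authenticode appends to a PowerShell script such as a .psm1 (assumption, see lead-in).
SCRIPT_SIG_MARKER = b"# SIG # Begin signature block"


def inspect_package(data: bytes) -> dict:
    """Describe what kind of signature, if any, a package blob carries."""
    info = {
        "is_zip": False,
        "is_opc": False,
        "opc_signature_parts": [],
        "has_opc_signature": False,
        "has_script_trailer": SCRIPT_SIG_MARKER in data,
    }
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return info
    info["is_zip"] = True
    info["is_opc"] = CONTENT_TYPES in names
    lowered = {n.lower(): n for n in names}  # OPC part names compare case-insensitively
    sig_parts = sorted(n for low, n in lowered.items() if low.startswith(SIG_DIR))
    info["opc_signature_parts"] = sig_parts
    # A real OPC signature needs the origin part plus at least one XML-DSig part.
    info["has_opc_signature"] = ORIGIN_PART in lowered and any(
        low.endswith(SIG_SUFFIX) for low in lowered if low.startswith(SIG_DIR)
    )
    return info


def verdict(data: bytes) -> str:
    """One-line classification a release engineer can act on."""
    info = inspect_package(data)
    if not info["is_zip"]:
        return "not a zip container"
    if not info["is_opc"]:
        return "zip without [Content_Types].xml: not an OPC package"
    if info["has_opc_signature"]:
        return "OPC package with OPC digital signature parts"
    if info["has_script_trailer"]:
        return "OPC package with an Authenticode script trailer appended (not an OPC signature)"
    return "OPC package, unsigned"


# --- constructed samples (not real HLK output) -----------------------------------

def build_sample(signed: bool) -> bytes:
    """Build a minimal OPC-shaped zip; with signed=True, add the OPC signature parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(CONTENT_TYPES, '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels", "<Relationships/>")
        zf.writestr("submission/results.xml", "<Results/>")
        if signed:
            # Origin part plus one XML-DSig part, as PackageDigitalSignatureManager lays them out.
            zf.writestr(ORIGIN_PART, "")
            zf.writestr(SIG_DIR + f"xml-signature/{uuid.uuid4()}" + SIG_SUFFIX, "<Signature/>")
    return buf.getvalue()


SAMPLE_UNSIGNED = build_sample(signed=False)
SAMPLE_OPC_SIGNED = build_sample(signed=True)
# What the .psm1 rename is assumed to produce: the original bytes plus a script signature trailer.
SAMPLE_PSM1_TRAILER = (
    SAMPLE_UNSIGNED + b"\r\n" + SCRIPT_SIG_MARKER
    + b"\r\n# <base64 PKCS#7 blob omitted in this constructed sample>\r\n# SIG # End signature block\r\n"
)

if __name__ == "__main__":
    for label, blob in [("unsigned", SAMPLE_UNSIGNED), ("opc-signed", SAMPLE_OPC_SIGNED), ("psm1-trailer", SAMPLE_PSM1_TRAILER)]:
        print(f"{label:13} -> {verdict(blob)}")
```

The trailer case still opens as a zip because the end-of-central-directory record is merely followed by extra bytes, which is exactly why Explorer-level checks can look fine while the portal, which validates OPC signature parts, rejects the file.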

type4ranjan commented 2 years ago

@bill-dtex Is it possible to share the code that you have used to load the keys and certificate from Azure Key Vault to the Windows certificate store and sign it using the HLK SDK PackageManager APIs?

bill-dtex commented 2 years ago

We are using a non-EV code signing certificate for the HLK SDK PackageManager API that is already installed in the Windows Certificate Store, not extracting the EV certificate from Azure Key Vault and loading it into the Windows Certificate Store.

Here are code snippets using the PackageManager API. But I suspect this will be legacy, and the method from here https://docs.microsoft.com/en-us/windows-hardware/test/hlk/user/hlk-signing-with-an-hsm will be the requirement soon.

```csharp
using System.Security.Cryptography.X509Certificates;
using Microsoft.Windows.Kits.Hardware.ObjectModel.Submission;

// Sign the package
PackageManager.Sign(sourcePackage, certificate, outputPackage);

private static X509Certificate2 GetCertificateFromStore(string certificateThumbprint, StoreLocation storeLocation)
{
    // get first certificate from MY store that matches the thumbprint
    using var store = new X509Store(StoreName.My, storeLocation);
    store.Open(OpenFlags.ReadOnly);
    return store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false)[0];
}
```


monrapps commented 1 year ago

This works for submission: https://github.com/monrapps/OpenOpcSignTool