question

VisriEdupuganti-9426 avatar image
0 Votes"
VisriEdupuganti-9426 asked VisriEdupuganti-9426 edited

Digital Signing of HLK/HCK files

Looking for any command line tool or other options available for digital signing HLK/HCK files.

My requirement is to be able to sign the HLK/HCK files using keys present in HSM with out KSP/CSP in picture.

We had similar requirement for signing EXE's and DLL's. Was able to achieve it with signtool.exe using /dg /di options as described in the below link.

https://stackoverflow.com/questions/57930959/signtool-exe-dg-ds-di-options-and-timestamping

Is there any way to achieve the same for HLK/HCK signing ?

Thanks,

windows-api
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Can this HLK Signing with an HSM reference help you?


0 Votes 0 ·

I have gone through this link before. This will need a CSP to access the keys present in HSM which I don't have. I think most of the HSMs come with a vendor specific CSP which can be installed on our machines and used for signing in a way described in the link. But the one we are using doesn't have a CSP. Instead it provided an API which has a sign method and can be used for digital signing. This API sign method takes digest of the file as input , signs it using the keys present in HSM and returns back the signed digest.

For EXE's and DLL's, signtool.exe has an option to create the signature by ingesting this signed digest using \di option and it works as expected . sample command used for this is
signtool.exe sign /di "C:\signedDigest" sample.exe

Not sure what can be done for HLK/HCK signing. Any input on this would be of great help.

Thanks.


0 Votes 0 ·

0 Answers