Verify the Signed Catalog File
Applies To: Windows Server 2008
You can use this procedure to verify the signature that you added to a device driver package. You can also check the validity of individual files in the driver package against the hash stored in the signed catalog file.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To validate your driver package signature, you can perform the following procedures:
Verify the signature on the catalog file
Verify the hash of a file in a signed driver package
To verify the signature on the catalog file
Open a WDK Build Environment command prompt by using the Run as administrator option. Review the details in "Additional considerations" in this topic.
At the command prompt, type the following, and then press ENTER:
signtool **verify **filename.cat
Value | Description |
---|---|
verify |
Specifies that SignTool is to verify the signature of the catalog file. |
filename.cat |
Specifies the path and file name of the catalog file to be verified. |
Formatting legend
Format | Meaning |
---|---|
Italic |
Information that the user must supply |
Bold |
Elements that the user must type exactly as shown |
You can check if a file has been modified since the hash was calculated and placed in the catalog file.
To verify the hash for a file in a signed driver package
Open a WDK Build Environment command prompt by using the Run as administrator option. Review the details in "Additional considerations" in this topic.
At the command prompt, type the following, and then press ENTER:
signtoolverify /c filename.cat filenametoverify.ext
Value | Description |
---|---|
verify |
Specifies that SignTool is to verify the signature of the catalog file. |
/c |
Specifies the catalog containing the hash to be used to verify the integrity of the file. |
filename.cat |
Specifies the path and file name of the catalog file to be verified. |
filenametoverify.ext |
Specifies the file to be verified. |
Formatting legend
Format | Meaning |
---|---|
Italic |
Information that the user must supply |
Bold |
Elements that the user must type exactly as shown |
Additional considerations
To start a WDK Build Environment command prompt by using the Run as administrator option, click Start, All Programs, Windows Driver Kits, WDK <your build number>, Build Environments, and Windows Vista and Windows Server. Right-click Windows Vista and Windows Server Longhorn x86 Free Build Environment, and then click Run as administrator.
The SignTool tool must be run at a command line started by using the Run as administrator option. The tool does not generate User Account Control prompts, and will fail if run from a non-elevated command line.
Additional references
For more information about SignTool and the options it supports, see "Using SignTool" in the WDK at https://go.microsoft.com/fwlink/?LinkId=82263.
The command line reference for SignTool can be found in the WDK documentation. See "SignTool" at https://go.microsoft.com/fwlink/?LinkId=82264.