Driver signing question

TheMSsForum.com: The Microsoft Software Forum

Hey All,

Quick question about driver signing. I hope this is the correct forum
for my question.

I have a device driver for an external PNP device. I am currently
signing it and will be shipping it out in my next software release
targeting windows vista. I understand that signatures do expire. I'm
uncertain if the signature on my signed drivers expire (they do
expire, don't they? Where can I find the expiration date?).
Furthermore, what will happen when the drivers expire? The drivers, I
assume, will still work with the device after the drivers expire,
correct? What happens when a user tries to install my device drivers
after they expire? Do they just get a notice that the drivers have
expired?

Thanks in advance,
Matt
Top

Re: Driver signing question by Skywing

Skywing
Fri Aug 24 16:57:55 CDT 2007

If you have countersigned the signature with a trusted timestamp signing
authority (e.g. VeriSign's timestamp authority), the signature will remain
valid after the signing certificate has expired, so long as the
countersigned timestamp is before the signing certificate's expiration date.
IOW, as long as you signed the file while your cert was not expired AND
timestamped it with a countersigned timestamp, it'll still be good.

--
Ken Johnson (Skywing)
Windows SDK MVP
http://www.nynaeve.net
<weiss.matt@gmail.com> wrote in message
news:1187985060.343746.270600@l22g2000prc.googlegroups.com...
> Hey All,
>
> Quick question about driver signing. I hope this is the correct forum
> for my question.
>
> I have a device driver for an external PNP device. I am currently
> signing it and will be shipping it out in my next software release
> targeting windows vista. I understand that signatures do expire. I'm
> uncertain if the signature on my signed drivers expire (they do
> expire, don't they? Where can I find the expiration date?).
> Furthermore, what will happen when the drivers expire? The drivers, I
> assume, will still work with the device after the drivers expire,
> correct? What happens when a user tries to install my device drivers
> after they expire? Do they just get a notice that the drivers have
> expired?
>
> Thanks in advance,
> Matt
>

Top

Re: Driver signing question by Maxim

Maxim
Sat Aug 25 14:12:46 CDT 2007

IIRC you can include Verisign timestamping in your signature, which will
make expiration by far lesser deadly.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com

<weiss.matt@gmail.com> wrote in message
news:1187985060.343746.270600@l22g2000prc.googlegroups.com...
> Hey All,
>
> Quick question about driver signing. I hope this is the correct forum
> for my question.
>
> I have a device driver for an external PNP device. I am currently
> signing it and will be shipping it out in my next software release
> targeting windows vista. I understand that signatures do expire. I'm
> uncertain if the signature on my signed drivers expire (they do
> expire, don't they? Where can I find the expiration date?).
> Furthermore, what will happen when the drivers expire? The drivers, I
> assume, will still work with the device after the drivers expire,
> correct? What happens when a user tries to install my device drivers
> after they expire? Do they just get a notice that the drivers have
> expired?
>
> Thanks in advance,
> Matt
>

Top

Re: Driver signing question by weiss

weiss
Mon Aug 27 06:55:14 CDT 2007

Hi Ken,

Thanks for the reply. Do you know what happens if the drivers should
expire? Perhaps I shouldn't worry about this and just focus on
countersigning my drivers.

Thanks,
Matt

On Aug 24, 5:57 pm, "Skywing [MVP]"
<skywing_NO_SP...@valhallalegends.com> wrote:
> If you have countersigned the signature with a trusted timestamp signing
> authority (e.g. VeriSign's timestamp authority), the signature will remain
> valid after the signing certificate has expired, so long as the
> countersigned timestamp is before the signing certificate's expiration date.
> IOW, as long as you signed the file while your cert was not expired AND
> timestamped it with a countersigned timestamp, it'll still be good.
>
> --
> Ken Johnson (Skywing)
> Windows SDK MVPhttp://www.nynaeve.net<weiss.m...@gmail.com> wrote in message
>
> news:1187985060.343746.270600@l22g2000prc.googlegroups.com...
>
> > Hey All,
>
> > Quick question about driver signing. I hope this is the correct forum
> > for my question.
>
> > I have a device driver for an external PNP device. I am currently
> > signing it and will be shipping it out in my next software release
> > targeting windows vista. I understand that signatures do expire. I'm
> > uncertain if the signature on my signed drivers expire (they do
> > expire, don't they? Where can I find the expiration date?).
> > Furthermore, what will happen when the drivers expire? The drivers, I
> > assume, will still work with the device after the drivers expire,
> > correct? What happens when a user tries to install my device drivers
> > after they expire? Do they just get a notice that the drivers have
> > expired?
>
> > Thanks in advance,
> > Matt


Top

Re: Driver signing question by David

David
Mon Aug 27 11:16:34 CDT 2007

Drivers don't expire. The Verisign (or other) certificate used to sign a
driver does expire, but if there is a time stamp signature in the driver it
will not matter. It only matters if the certificate is revoked. If the
cert was valid at the time it was stamped, it will continue to work. If
not, on certain Windows OS versions the driver will no longer load.

--
David J. Craig
Engineer, Sr. Staff Software Systems
Broadcom Corporation


<weiss.matt@gmail.com> wrote in message
news:1188215714.319785.220030@19g2000hsx.googlegroups.com...
> Hi Ken,
>
> Thanks for the reply. Do you know what happens if the drivers should
> expire? Perhaps I shouldn't worry about this and just focus on
> countersigning my drivers.
>
> Thanks,
> Matt
>
> On Aug 24, 5:57 pm, "Skywing [MVP]"
> <skywing_NO_SP...@valhallalegends.com> wrote:
>> If you have countersigned the signature with a trusted timestamp signing
>> authority (e.g. VeriSign's timestamp authority), the signature will
>> remain
>> valid after the signing certificate has expired, so long as the
>> countersigned timestamp is before the signing certificate's expiration
>> date.
>> IOW, as long as you signed the file while your cert was not expired AND
>> timestamped it with a countersigned timestamp, it'll still be good.
>>
>> --
>> Ken Johnson (Skywing)
>> Windows SDK MVPhttp://www.nynaeve.net<weiss.m...@gmail.com> wrote in
>> message
>>
>> news:1187985060.343746.270600@l22g2000prc.googlegroups.com...
>>
>> > Hey All,
>>
>> > Quick question about driver signing. I hope this is the correct forum
>> > for my question.
>>
>> > I have a device driver for an external PNP device. I am currently
>> > signing it and will be shipping it out in my next software release
>> > targeting windows vista. I understand that signatures do expire. I'm
>> > uncertain if the signature on my signed drivers expire (they do
>> > expire, don't they? Where can I find the expiration date?).
>> > Furthermore, what will happen when the drivers expire? The drivers, I
>> > assume, will still work with the device after the drivers expire,
>> > correct? What happens when a user tries to install my device drivers
>> > after they expire? Do they just get a notice that the drivers have
>> > expired?
>>
>> > Thanks in advance,
>> > Matt
>
>


Top