关于Vista 64位驱动进行数字签名,根据您发送来的文档,与在微软官网查询Vista 64位数字签名方法与Signtool工具签名命令选项,“/ph”选项是给签名文件添加hash值,根据文档说明,在系统加载时会被读取到内存;
签名操作命令为:
Test-signing example:
Signtool sign /v /ph /s PrivateCertStore /n Contoso.com(Test) /t http://timestamp.verisign.com/scripts/timestamp.dll c:\app.exe
Release-signing example:
Signtool sign /v /ph /ac MSCV-VSClass3.cer /s my /n contoso.com /t http://timestamp.verisign.com/scripts/timestamp.dll c:\app.exe
该命令选项,根据以上显示是为在exe等PE文件进行数字签名时所需参数,并且在Signtool的官方说明里也有简单说明,改命令选项无需对非PE文件签名时选用:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa387764(v=vs.85).aspx
/ph If supported, generates page hashes for executable files. This option is ignored for non-PE files
根据以上相关资料推荐您在签名时,可按照下面操作方式进行数字签名:
1 给sys文件签名时命令:
SignTool sign /v /ac CrossCertificateFile /s SPCCertificateStore /n SPCSubjectName /t http://timestamp.verisign.com/scripts/timestamp.dll winloaddriver.sys
可参考下面链接:http://msdn.microsoft.com/en-us/library/bb530195.aspx#digitalsigskernmodules_topic4
2 给编译输出exe等PE文件签名时可选用下面面命令:
Release-signing example:
Signtool sign /v /ph /ac MSCV-VSClass3.cer /s my /n contoso.com /t http://timestamp.verisign.com/scripts/timestamp.dll c:\app.exe