https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
https://docs.microsoft.com/en-us/windows/desktop/seccrypto/makecert
Create a `sign.bat` file:
```bat
@echo off &title SelfSign helper &pushd "%~dp0"
rem List candidate files in this folder
dir /b *.sys;*.dll;*.exe;*.inf &echo.
set/p file="Enter filename to self-sign:"
rem Remove certificate files left over from a previous run (errors suppressed)
del /f/q _CA.cer 2>nul &del /f/q _SS.cer 2>nul
rem Create a self-signed CA certificate in the current user's CA store
makecert -r -pe -b 03/03/2018 -e 03/03/2019 -sky signature -cy authority -ss CA -n "CN=%COMPUTERNAME% %USERNAME% Selfsigning" _CA.cer
rem Create an end-entity signing certificate issued by that CA
makecert -pe -b 03/03/2018 -e 03/03/2019 -sky signature -cy end -is CA -ic _CA.cer -ss CA -n "CN=%COMPUTERNAME% %USERNAME% App" _SS.cer
rem Sign and timestamp the file with the end-entity certificate
signtool sign /a /s CA /n "%COMPUTERNAME% %USERNAME% App" /t http://timestamp.verisign.com/scripts/timstamp.dll /d "%file%" "%file%"
echo.
echo Press any key to import self-signed certificates now, or click [X] to quit
pause>nul
rem Import into the current user's stores only (-user)
certutil -addstore -f -user Root _CA.cer
rem certutil -addstore -f -user Intermediate _CA.cer
certutil -addstore -f -user Intermediate _SS.cer
rem certutil -addstore -f -user Personal _SS.cer
echo Done. To manage certificates, use: certmgr.msc
pause
exit
```
Place all files in the same folder as your unsigned file and run the script as administrator; it will do everything for you, just follow the instructions.
Note that, depending on your driver, you might also need to run the signing tools over the inf/cat (see the "catdb" option in the documentation for signtool), but that's usually for VGA and storage drivers; you might get away without it.
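
A companion to the procedure above, added here as an example and not part of the original post: it checks the signature with `signtool verify`, removes the test certificates that `sign.bat` installed, then verifies again to confirm the test root is no longer trusted. The file name `unsign-test.bat` is hypothetical; the store and subject names are assumed to match those in `sign.bat`, and it is assumed to run as the same user on the same machine.

```bat
@echo off &title SelfSign cleanup &setlocal &pushd "%~dp0"
rem unsign-test.bat (hypothetical name): added example, not from the original post.
rem Subject names below are assumed to match the ones sign.bat generates.
set "CA_NAME=%COMPUTERNAME% %USERNAME% Selfsigning"
set "SS_NAME=%COMPUTERNAME% %USERNAME% App"

set /p "file=Enter filename to verify: "
if not exist "%file%" echo File not found. &popd &exit /b 1

rem /pa = default Authenticode verification policy, /v = verbose chain output.
rem This succeeds only while the self-signed CA is in the user's Root store.
echo === Verification with test root trusted ===
signtool verify /pa /v "%file%"
if errorlevel 1 (echo Result: NOT trusted) else (echo Result: trusted)

echo.
echo Test certificates found in the current user's stores:
certutil -store -user Root "%CA_NAME%"
certutil -store -user CA "%CA_NAME%"
certutil -store -user CA "%SS_NAME%"
echo.
echo Press any key to remove them, or click [X] to keep them
pause>nul

rem Remove the trusted root first, then the copies makecert placed in CA (-ss CA)
rem and the copy sign.bat imported into the store it calls "Intermediate".
certutil -delstore -user Root "%CA_NAME%"
certutil -delstore -user CA "%CA_NAME%"
certutil -delstore -user CA "%SS_NAME%"
certutil -delstore -user Intermediate "%SS_NAME%"

rem With the root gone the same file should now fail chain validation.
echo.
echo === Verification after cleanup ===
signtool verify /pa /v "%file%"
if errorlevel 1 (echo Result: NOT trusted, cleanup confirmed) else (echo Result: still trusted, check certmgr.msc)

popd
pause
```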