Forum Discussion

dshadrin's avatar
dshadrin
Copper Contributor
Jul 05, 2021

Can't sign my driver with sha384 EV code signing certificate

Hello, our company renew EV code signing certificate, and now it has sha384 algorithm, our driver correct pass all HLK tests, and after it i have signed my *.hlkx result with this certificate, but mi...
Driver
driver signing
driver signing changes
hlk
dshadrin's avatar
dshadrin
Copper Contributor
Jul 05, 2021
Deleted, you have signed driver thougth HLK? I've signed drivers about five years, and i know how to buy certificate, how to pass HLK tests, and how to upload *.hlkx to microsoft partner center, but now sectigo.com provide me sha384 certificate and sign *.hlkx result using HLK studio with this certificate, but microsoft partner center don't accept this result, because my certificate is not sha256 😞
Anonymous's avatar
Anonymous
Jul 06, 2021

dshadrin 

https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/update-a-code-signing-certificate

  • dshadrin's avatar
    dshadrin
    Copper Contributor
    Jul 07, 2021
    Starting from May 28, 2021, 14:00 MDT (20:00 UTC), DigiCert will require 3072-bit RSA keys or larger for code signing certificates. This change is to comply with industry standards. These new RSA key size requirements apply to the complete certificate chain: end-entity, intermediate CA, and root. ECC key requirements however remain unchanged.

    So how can i choose SHA256 when i sign my *.hlkx result from HLK STUDIO ?
    • Anonymous's avatar
      Anonymous
      Jul 07, 2021
      It's good that you raised this problem!
      The suggestion speaks of a switch - SH256 , so maybe there is an error here?
      • dshadrin's avatar
        dshadrin
        Copper Contributor
        Jul 07, 2021
        This switch applicable for signtool.exe utility, and i use this switch, but HLT test result signed by HLK studio and i can't use this switch or something else in this step.