Link to home
Start Free TrialLog in
Avatar of WebWolf1
WebWolf1

asked on

driver signing for windows vista

I have developed a kernel mode driver (PnP Filter) which is actually a sector remapping driver that redirects all write requests to an empty space of the disk. I want to sign this driver to pass the Windows Logo program.

I want some help how to start in easy steps.
Also, do I have to buy a VeriSign Organizational Certificate Digital ID or VeriSign Microsoft Authenticode Digital ID ? Is there any alternatives besides VeriSign?

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Paranormastic
Paranormastic
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Paranormastic
Paranormastic
Flag of United States of America image
From the link I provided above, note that some of these roots are used by certificate resellers.  If there is a company that offers a better price for what you are looking for, look to see what root CA cert they issue under for that certificate.  Many times they do not advertise this, but a simple email or phone call to their sales or support team should answer that quickly for you.  Make sure that the root matches exactly - check the thumbprint for the definitive answer.  For example, Verisign has 13 different root CA's that they issue under, if memory serves, but only their Class 3 CA is valid for this purpose.
Avatar of WebWolf1
WebWolf1

ASKER

im planning to use COMODO. What do I have to ask them? What is their root CA cert?
Avatar of Paranormastic
Paranormastic
Flag of United States of America image
As much as I like Comodo, they won't work for this one.  They used to issue under the GTE Cybertrust root as a reseller, but they no longer do that since about a year or two ago.  Not sure if it had anything to do with Verizon Business buying out GTE root or not - never did get the dirty details on that one from our Comodo sales rep.  Anyways, their root for code signing is UTN-USERFirst-Object (which they acquired from UserTrust Network).  For most things, their code signing is fine, but it will not fit the bill for what MS requires for what you are trying to accomplish.

Out of the list - Verisign is always the most expensive but the most universal.  Baltimore CyberTrust - not positive on this one, but they may have been acquired by Verizon.  GTE Cybertrust is definately Verizon as I recently did business with them under that root.  They're spendy but not as bad as Verisign.

Equifax and GeoTrust are both big into having resellers - I don't know their direct pricing, although I've heard GeoTrust isn't supposed to be too bad.  Both of them have many resellers that have excellent prices in general.  RapidSSL is a popular reseller, but I'm not seeing a code signing product on their page or else I would recommend them.


Here's a link to globalsign's page which includes price, which actually doesn't look too bad from what I remember of pricing (sorry, the company I work for gets huge discounts on things due to the volume that we order, so my direct price comparison is a little jaded):
http://www.globalsign.com/developer/code-signing-certificate/index.htm

Avatar of Paranormastic
Paranormastic
Flag of United States of America image
The main thing to ask is which root they issue their code signing certificates under and ask for the thumbprint of that root cert and then compare that against the 2nd link from my first post.  After that I would ask for the pricing.