another new question. I have an Authenticode certificate and a driver. That driver is a kernel-mode driver, so I need to sign it using kernel-mode code signing. But my certificate is normal code signing and I think I can't use that with my kernel-mode driver. Anyone can answer?
1 Answer
The distinguishing feature of "kernel-mode code signing" certificates is the 2.23.140.1.4.1
policy OID listed under "Certificate policies". Because this is part of the certificate's (meta)data, and not just a different file format, you cannot add it to an existing certificate by hand (doing so would invalidate the CA signature); instead it needs to be added by the CA when the certificate is being issued.