Some Windows 10 users might come across the error message “No signature was present in the subject” when trying to view the signature properties of a driver package file. In this post, we provide a brief description of why you may get this message and what you can try to get rid of the message for that particular package file.
An operating system may report unknown-signing or driver-not-signed issues if the computer under test is not connected to the internet. If the computer under test is connected to the internet, the new certificates are downloaded automatically when a driver is installed and there will not be any issues. CA vendors can sometimes also help resolve these issues when the computer under test is not connected to the internet.
No signature was present in the subject
When a catalog file (.cat) is signed using a new VeriSign-released signing certificate that uses the SHA256 algorithm, opening the signed .cat file and viewing the signature may show the “No signature was present in the subject” message.
To resolve the issue, you may ask VeriSign to provide a replacement certificate at no cost signed with the SHA1 hash algorithm.
Alternatively, you can buy another SHA1 certificate and sign the file with two signatures as shown below if you want to keep both certificates. Note that only .sys files can be dual signed because they are PE files.
Signtool sign /fd sha256 /ac C:\MyCrossCert\Crosscert.cer /s my /n "MyCompany Inc." /ph /as /sha1 ZZ...ZZ C:\DriverDir\toaster.SYS
Here ZZ...ZZ is the hash of the certificate you are using for the secondary signature. Add /tr to timestamp the signature.
Additional note: The use of SHA1 certificates was deprecated by Microsoft starting from January 1, 2016. All CA vendors must issue signing certificates with the SHA256 hash algorithm.
Windows stopped accepting SHA1 code signing certificates without time stamps after 1 January 2016.
Microsoft has also stated that, after installing KB4579311, Windows 10 may warn you when installing some third-party drivers:
“This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalog files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.”
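The rule cited above, X.690 section 11.6, requires the members of a DER SET OF to appear in ascending order of their encodings, compared as octet strings with the shorter one padded with trailing zero octets. The following is an added example, not code from this post or from Microsoft: it walks DER bytes and reports universal SET values (tag 0x31) that break that order. The function names and sample bytes are constructed for illustration, and implicitly tagged SET OF fields (context tags) are not detected without the schema.

```python
# Added example: flag DER SET OF values whose members violate X.690 11.6 ordering.

def read_tlv(buf, pos, limit):
    """Return (tag, content_start, end) for the DER TLV at pos, bounded by limit."""
    if pos + 2 > limit:
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled in this example")
    if first < 0x80:                       # short-form length
        start, length = pos + 2, first
    elif first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    else:                                  # long form: next n bytes hold the length
        start = pos + 2 + (first & 0x7F)
        length = int.from_bytes(buf[pos + 2:start], "big")
    if start + length > limit:
        raise ValueError("TLV runs past its container")
    return tag, start, start + length

def padded_le(a, b):
    """11.6 comparison: octet strings, shorter one padded with trailing 0x00."""
    width = max(len(a), len(b))
    return a.ljust(width, b"\x00") <= b.ljust(width, b"\x00")

def unsorted_sets(buf, pos=0, end=None):
    """Return offsets of universal SET values (tag 0x31) with out-of-order members."""
    end = len(buf) if end is None else end
    bad = []
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        if tag & 0x20:                     # constructed: check, then descend
            if tag == 0x31:
                members, p = [], start
                while p < stop:
                    nxt = read_tlv(buf, p, stop)[2]
                    members.append(buf[p:nxt])
                    p = nxt
                if not all(padded_le(x, y) for x, y in zip(members, members[1:])):
                    bad.append(pos)
            bad += unsorted_sets(buf, start, stop)
        pos = stop
    return bad

# Constructed samples: SEQUENCE { SET OF { INTEGER, INTEGER } }
GOOD = bytes.fromhex("30083106020101020102")   # members 1, 2: ascending
BAD = bytes.fromhex("30083106020102020101")    # members 2, 1: out of order

if __name__ == "__main__":
    print(unsorted_sets(GOOD), unsorted_sets(BAD))
```

To inspect a real catalog, pass the raw bytes of the .cat file to unsorted_sets; each returned number is the byte offset of a SET whose members are not in DER order.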
Hope this helps!