Digital signatures are based on Microsoft public key infrastructure technology, which is based on Microsoft Authenticode combined with an infrastructure of trusted certification authorities (CAs). Authenticode, which is based on industry standards, allows vendors, or software publishers, to sign either a file or a collection of files (such as a driver package) by using a code-signing digital certificate that is issued by a CA.
Windows uses a valid digital signature to verify the following:
- The file, or the collection of files, is signed.
- The signer is trusted.
- The certification authority that authenticated the signer is trusted.
- The collection of files was not altered after it was published.
For example, this signing process for a driver package involves the following:
- A publisher obtains an X.509 digital certificate from a CA. An Authenticode certificate is also referred to as a signing certificate. A signing certificate is a set of data that identifies a publisher, and is issued by a CA only after the CA has verified the identity of the publisher. A CA can be a Microsoft CA, a third-party commercial CA, or an Enterprise CA. The signing certificate is used to sign the catalog file of a driver package or to embed a signature in a driver file. Certificates that identify trusted publishers and trusted CAs are installed in certificate stores that are maintained by Windows.
- The signing certificate includes a private key and a public key, which is known as the key pair. The private key is used to sign the catalog file of a driver package or to embed a signature in a driver file. The public key is used to verify the signature of a driver package's catalog file or a signature that is embedded in a driver file.
- To sign a catalog file or to embed a signature in a file, the signing process first generates a cryptographic hash, or thumbprint, of the file. The signing process then encrypts the file thumbprint with the publisher's private key and adds the encrypted thumbprint to the file. The signing process also adds information about the publisher and the CA that issued the signing certificate. The digital signature is added to the file in a section of the file that is not processed when the file thumbprint is generated.
- To verify the digital signature of a file, Windows extracts the information about the publisher and the CA and uses the public key to decrypt the encrypted file thumbprint. Windows accepts the integrity of the file and the authenticity of the publisher only if all of the following are true:
  - The decrypted thumbprint matches the thumbprint that Windows computes for the file.
  - The certificate of the publisher is installed in the Trusted Publishers certificate store.
  - The root certificate of the CA that issued the publisher's certificate is installed in the Trusted Root Certification Authorities certificate store.
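The Go program below is an added example, not code from the Microsoft documentation quoted here; it models the signing and verification steps above with the standard library. It hashes the catalog content with SHA-256, signs the thumbprint with the publisher's RSA private key, keeps the signature in a section the hash does not cover, and on verification applies the three acceptance conditions in order: thumbprint match, publisher trusted, issuing CA trusted. Assumptions made for the example: RSA PKCS#1 v1.5 over SHA-256 stands in for the algorithms of a real Authenticode signature, Go's crypto/x509 chain verification stands in for the Windows certificate store lookup, a map keyed by certificate fingerprint stands in for the Trusted Publishers store, and the root CA, publisher certificate and catalog contents are all constructed in BuildDemo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedFile models a file whose signature sits in a section excluded from the thumbprint.
type SignedFile struct {
	Content   []byte // bytes covered by the thumbprint; Signature and SignerDER never are
	Signature []byte // RSA signature over SHA-256(Content) made with the publisher's private key
	SignerDER []byte // publisher certificate carried alongside the signature
}

// TrustStores stands in for the two Windows stores named above; keying Trusted
// Publishers by certificate fingerprint is a simplification made for this example.
type TrustStores struct {
	TrustedPublishers map[string]bool
	TrustedRoots      *x509.CertPool
}

// Fingerprint is the hex SHA-256 of a DER-encoded certificate.
func Fingerprint(der []byte) string { return fmt.Sprintf("%x", sha256.Sum256(der)) }

// Sign hashes the content, signs the thumbprint with the publisher's private key
// and stores signature and certificate in the separate signature section.
func Sign(content, publisherDER []byte, key *rsa.PrivateKey) (*SignedFile, error) {
	thumb := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, thumb[:])
	if err != nil {
		return nil, err
	}
	return &SignedFile{Content: content, Signature: sig, SignerDER: publisherDER}, nil
}

// Verify applies the three acceptance conditions in order: the signed thumbprint
// matches the file, the publisher is trusted, and the issuer chains to a trusted root.
func Verify(f *SignedFile, stores TrustStores) error {
	cert, err := x509.ParseCertificate(f.SignerDER)
	if err != nil {
		return fmt.Errorf("publisher certificate unreadable: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("publisher key is not RSA")
	}
	thumb := sha256.Sum256(f.Content) // recomputed over exactly the bytes the signer hashed
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, thumb[:], f.Signature) != nil {
		return errors.New("thumbprint mismatch: file altered after signing or signature invalid")
	}
	if !stores.TrustedPublishers[Fingerprint(f.SignerDER)] {
		return errors.New("publisher certificate is not in the Trusted Publishers store")
	}
	opts := x509.VerifyOptions{Roots: stores.TrustedRoots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("issuing CA is not in the Trusted Root Certification Authorities store: %w", err)
	}
	return nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildDemo constructs, for this example only, a self-signed root CA, a code-signing
// publisher certificate issued by it, a signed sample file, and stores that trust both.
func BuildDemo() (*SignedFile, TrustStores) {
	now := time.Now()
	rootKey := must(rsa.GenerateKey(rand.Reader, 2048))
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey))))
	pubKey := must(rsa.GenerateKey(rand.Reader, 2048))
	pubTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Example Driver Publisher"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	// The CA's private key signs the publisher's certificate; the publisher's key signs files.
	publisher := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, pubTmpl, root, &pubKey.PublicKey, rootKey))))
	signed := must(Sign([]byte("constructed catalog contents for example.sys"), publisher.Raw, pubKey))
	roots := x509.NewCertPool()
	roots.AddCert(root)
	return signed, TrustStores{TrustedPublishers: map[string]bool{Fingerprint(publisher.Raw): true}, TrustedRoots: roots}
}

func main() {
	signed, stores := BuildDemo()
	fmt.Println("untouched file:", Verify(signed, stores))
	tampered := &SignedFile{Content: append([]byte("X"), signed.Content[1:]...), Signature: signed.Signature, SignerDER: signed.SignerDER}
	fmt.Println("altered file:", Verify(tampered, stores))
}
```

Because the signature section is a separate field, changing a single byte of Content changes the recomputed thumbprint and the first check fails, which is exactly how a post-publication alteration is caught; removing the publisher from TrustedPublishers or the root from TrustedRoots fails the second or third check even though the signature itself is mathematically valid.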
Windows Certificate Store (Windows only) Stores the digital ID in a common location from which other Windows applications can also retrieve it. A Windows default certificate digital ID is stored in the Windows certificate store. Because you want to share your digital ID with colleagues, you'll use the PKCS #12 option. Make sure that New PKCS #12 Digital File ID is selected, and click Next. The Microsoft Windows HTTP Services (WinHTTP) Certificate Configuration Tool, WinHttpCertCfg.exe, enables administrators to install and configure client certificates in any certificate store that can be accessed by the Internet Server Web Application Manager (IWAM) account.
Windows Digital Id Location
Jun 04, 2012 I want to know where the certificates are located on the hard drive, or in which store they are stored, so that I can migrate those certificates from WinXP to Windows 7 (which has IE 9.0 installed). The sole purpose is to migrate the above certificates from the source to the destination machine.

You may view your Digital Certificate store by: For MS Internet Explorer Users:
1. Open your MS Internet Explorer
2. Click on the Tools menu
3. From the drop down list select Internet Options
4. Click the Content tab
5. Click the Certificates button.

Creating Digital IDs. This format file has a .pfx or .p12 extension and can be supported by most security applications, including major web browsers. Windows Certificate Store. The Digital ID will be stored in the Windows Certificate Store where it is available to other Windows applications and protected by your Windows login.
For more information about how Plug and Play (PnP) device installation uses the digital signature of a driver package's catalog file, see Digital Signatures and PnP Device Installation.
For more information about Microsoft public key infrastructure technology, code signing, and digital signatures, see Introduction to Code Signing and Code Signing Best Practices.