Self-signed certificates: they can actually be installed easily, even on Win7, without Certificate Manager

makecert -n "CN=Windows 2000 Extended Kernel Certificate Root,O=Pink Flying Whale,C=JP,E=メアド" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv w2kroot.pvk w2kroot.cer -ss Root -sr localMachine
- Create the root certificate (メアド stands for an e-mail address)

makecert -pe -n "CN=Pink Flying Whale Program,O=Pink Flying Whale,C=JP,E=メアド" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv w2kroot.pvk -ic w2kroot.cer -ss My -sr localMachine -sv pfw.pvk pfw.cer
- Create the program's certificate

pvk2pfx -pvk pfw.pvk -spc pfw.cer -pfx pfw.pfx -pi Password
- Create the certificate file used for signing

I tried creating a self-signed certificate with the steps above.

A program is then signed like this:

SignTool sign /v /f pfw.pfx /p Password /t http://timestamp.verisign.com/scripts/timestamp.dll mofmof.exe

Installing it does not actually require Certificate Manager or anything like it.
You can simply import it with Registry Editor ・ω・

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\Certificates\829CAA0B22AD72522A97B3A12E140E9FBC5494A8]
"Blob"=hex:04,00,00,00,01,00,00,00,10,00,00,00,95,26,5d,bd,4f,72,a0,fb,12,83,7c,c8,7a,70,39,52,14,00,00,00,01,00,00,00,14,00,00,00,35,4a,50,33,54,19,04,5a,3b,92,78,0b,19,6e,59,8f,54,72,f1,2f,19,00,00,00,01,00,00,00,10,00,00,00,c0,7e,90,34,3c,6d,2a,f7,53,e4,e7,25,12,c3,ae,ae,03,00,00,00,01,00,00,00,14,00,00,00,82,9c,aa,0b,22,ad,72,52,2a,97,b3,a1,2e,14,0e,9f,bc,54,94,a8,0f,00,00,00,01,00,00,00,14,00,00,00,6b,e7,bb,46,50,66,08,d6,4f,4d,54,4c,82,b0,27,10,f3,28,1d,39,20,00,00,00,01,00,00,00,63,03,00,00,30,82,03,5f,30,82,02,cc,a0,03,02,01,02,02,10,05,75,13,35,5b,69,6c,bd,41,f3,6f,99,c5,24,be,2d,30,09,06,05,2b,0e,03,02,1d,05,00,30,81,85,31,22,30,20,06,09,2a,86,48,86,f7,0d,01,09,01,16,13,70,66,77,40,61,62,2e,61,75,6f,6e,65,2d,6e,65,74,2e,6a,70,31,0b,30,09,06,03,55,04,06,13,02,4a,50,31,1a,30,18,06,03,55,04,0a,13,11,50,69,6e,6b,20,46,6c,79,69,6e,67,20,57,68,61,6c,65,31,36,30,34,06,03,55,04,03,13,2d,57,69,6e,64,6f,77,73,20,32,30,30,30,20,45,78,74,65,6e,64,65,64,20,4b,65,72,6e,65,6c,20,43,65,72,74,69,66,69,63,61,74,65,20,52,6f,6f,74,30,1e,17,0d,31,35,30,34,31,36,30,39,34,30,31,31,5a,17,0d,33,39,31,32,33,31,32,33,35,39,35,39,5a,30,81,85,31,22,30,20,06,09,2a,86,48,86,f7,0d,01,09,01,16,13,70,66,77,40,61,62,2e,61,75,6f,6e,65,2d,6e,65,74,2e,6a,70,31,0b,30,09,06,03,55,04,06,13,02,4a,50,31,1a,30,18,06,03,55,04,0a,13,11,50,69,6e,6b,20,46,6c,79,69,6e,67,20,57,68,61,6c,65,31,36,30,34,06,03,55,04,03,13,2d,57,69,6e,64,6f,77,73,20,32,30,30,30,20,45,78,74,65,6e,64,65,64,20,4b,65,72,6e,65,6c,20,43,65,72,74,69,66,69,63,61,74,65,20,52,6f,6f,74,30,81,9f,30,0d,06,09,2a,86,48,86,f7,0d,01,01,01,05,00,03,81,8d,00,30,81,89,02,81,81,00,bb,e0,e1,a5,a7,e6,aa,3f,0f,6a,0f,63,f3,4d,0e,b7,10,51,c1,2e,7f,14,a5,18,1f,d9,ec,1b,3a,c4,f7,8e,11,35,ef,1a,e0,d2,a4,ab,9c,38,9d,56,e6,4f,e2,76,0b,08,5b,e0,2d,8e,ef,1e,d4,64,9e,be,42,13,c9,79,27,83,a1,8e,d6,ed,d7,4f,cb,87,6b,54,73,c0,5b,2b,69,bd,12,9d,50,1f,56,9d,f2,96,de,24,e8,17,53,32,1e,cc,94,4f,08,5d,22,6d,42,57,c4,3a,59,a6,ff,af,b4,74,f9,30,cd,4d,b5,96,41,e3,e7,4d,
ca,da,78,15,02,03,01,00,01,a3,81,d5,30,81,d2,30,13,06,03,55,1d,25,04,0c,30,0a,06,08,2b,06,01,05,05,07,03,03,30,81,ba,06,03,55,1d,01,04,81,b2,30,81,af,80,10,54,15,bb,58,b0,0c,49,bb,af,9f,03,93,78,97,c3,4c,a1,81,88,30,81,85,31,22,30,20,06,09,2a,86,48,86,f7,0d,01,09,01,16,13,70,66,77,40,61,62,2e,61,75,6f,6e,65,2d,6e,65,74,2e,6a,70,31,0b,30,09,06,03,55,04,06,13,02,4a,50,31,1a,30,18,06,03,55,04,0a,13,11,50,69,6e,6b,20,46,6c,79,69,6e,67,20,57,68,61,6c,65,31,36,30,34,06,03,55,04,03,13,2d,57,69,6e,64,6f,77,73,20,32,30,30,30,20,45,78,74,65,6e,64,65,64,20,4b,65,72,6e,65,6c,20,43,65,72,74,69,66,69,63,61,74,65,20,52,6f,6f,74,82,10,05,75,13,35,5b,69,6c,bd,41,f3,6f,99,c5,24,be,2d,30,09,06,05,2b,0e,03,02,1d,05,00,03,81,81,00,3a,40,ac,aa,d6,3e,86,87,9a,7c,84,aa,55,e7,66,f6,80,63,d5,a5,97,6b,ea,30,a4,92,55,d0,2a,49,4a,9c,80,70,30,5d,57,b6,4e,c6,ae,c6,ec,74,ad,54,33,30,25,51,ec,c0,f6,91,f2,e2,7c,a6,f9,6f,97,fe,bf,92,04,07,87,d5,fc,79,ff,1f,60,3f,f0,19,d8,08,4a,a8,98,d8,ec,ec,cb,a6,90,db,64,6a,bc,88,63,fb,a7,01,e4,0c,b6,8a,1c,d2,8c,58,6d,30,60,91,a8,86,c7,cb,70,b9,45,9b,88,79,6c,ea,d5,b7,40,79,f8,76,e4,0a

It looks like the signing worked ・ω・

Just by touching the registry, the Root certificate counts as installed... is that really OK? (lol)
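Because a root can be added this way without going through Certificate Manager, it is worth checking what such a registry entry actually contains. The following is an added example, not the author's code: a parser for the "Blob" value layout visible above (property ID, a DWORD that is 1, length, data), which checks that the key name and the stored SHA-1 property (ID 3) both match the embedded certificate (ID 32). The function names are hypothetical and the sample blob is constructed from placeholder bytes, not a real certificate.

```python
import hashlib
import struct

PROP_SHA1 = 3    # CERT_SHA1_HASH_PROP_ID
PROP_CERT = 32   # CERT_CERT_PROP_ID: the DER-encoded certificate itself


def reg_hex_to_bytes(value: str) -> bytes:
    """Decode a .reg 'hex:aa,bb,...' value, tolerating '\\' line continuations."""
    body = value.split("hex:", 1)[1].replace("\\", "")
    return bytes(int(tok, 16) for tok in body.split(",") if tok.strip())


def parse_blob(blob: bytes) -> dict:
    """Split a SystemCertificates 'Blob' into {property id: data}."""
    props, off = {}, 0
    while off < len(blob):
        if off + 12 > len(blob):
            raise ValueError(f"truncated property header at offset {off}")
        prop_id, _flag, size = struct.unpack_from("<III", blob, off)
        off += 12
        if off + size > len(blob):
            raise ValueError(f"property {prop_id} overruns the blob")
        props[prop_id] = blob[off:off + size]
        off += size
    return props


def check_entry(key_name: str, blob: bytes) -> list:
    """List inconsistencies between key name, stored hash and certificate."""
    props = parse_blob(blob)
    if PROP_CERT not in props:
        return ["no certificate property (32) in blob"]
    actual = hashlib.sha1(props[PROP_CERT]).hexdigest().upper()
    problems = []
    if key_name.upper() != actual:
        problems.append("key name is not the SHA-1 of the embedded certificate")
    if PROP_SHA1 in props and props[PROP_SHA1].hex().upper() != actual:
        problems.append("stored SHA-1 property does not match the certificate")
    return problems


def build_blob(cert: bytes, sha1: bytes) -> bytes:
    """Constructed sample input: a two-property blob around placeholder bytes."""
    pack = lambda pid, data: struct.pack("<III", pid, 1, len(data)) + data
    return pack(PROP_SHA1, sha1) + pack(PROP_CERT, cert)


FAKE_CERT = b"0\x82constructed-placeholder-not-a-real-certificate"
GOOD = build_blob(FAKE_CERT, hashlib.sha1(FAKE_CERT).digest())
GOOD_NAME = hashlib.sha1(FAKE_CERT).hexdigest().upper()
```

For an exported .reg file, pass the text after `"Blob"=` to `reg_hex_to_bytes` and the last path component of the key to `check_entry`; an empty list means the entry is internally consistent, not that the root should be trusted.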


1 reply

  1. Ai says:

    I wonder whether vfd.sys from Virtual Floppy Drive would also work with this method.
    It has no digital signature, so it is hard to use on a 64-bit OS.
