-
-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signing HLKX Packages #175
Comments
If this format is usually signed with signtool then it's a good candidate to have it supported by Jsign. I have never seen an HLK file, but according to the documentation it's based on the OPC format, so it's probably similar to the APPX format already supported by Jsign. Do you know where I can download a signed HLKX file? If you have one you can send it to [email protected] and I'll investigate it. |
There is a fork of OpenOpcSignTool by @monrapps supporting HLKX files, that may give some hints on how to implement it in Jsign. I struggle to find examples of HLKX files, if someone could send two such files, signed and unsigned, to [email protected] I'll get a look. |
Actually the HLKX files are signed by the HLK controller ( Supporting this format in Jsign is likely to be similar to implementing NuGet signing (#162). I don't have the time to look into this right now, but if someone wants to implement it I'll review and merge the changes. |
Sorry for the delay. Yes, HLKX packages are signed by "HLK Studio" and not by SignTool. See https://learn.microsoft.com/en-us/windows-hardware/test/hlk/user/digitally-sign-an-hlkx-package I'll try to get you some HLKX samples, both signed and unsigned. |
The fork of OpenOpcSignTool was created just to make it possible to sign HLKX files using keys stored in Azure Key Vault, which is not possible using "HLK Studio" |
I see that appx and nuget is supported now. It seems the problem with HLK Studio is that it doesn't support ECDSA keys with SHA384 hash. |
@JohnAZoidberg HLKX files aren't supported yet. I still need sample files, both signed and unsigned to investigate further. |
How easy/likely is it that JSign supports signing HLKX packages someday soon?
I was not able to find any specification for HLKX signing, the closest thing I found to a specification is this: https://learn.microsoft.com/en-us/windows-hardware/test/hlk/user/hlk-signing-with-an-hsm
Plus a bit of documentation:
The text was updated successfully, but these errors were encountered: