Using a *.inf File from the Driver Development Wizard on Windows 8 or Higher

Updated Jan 28, 2023

Environment

Driver

  • NI-VISA

Operating System

  • Windows

How can I sign an INF file generated by the Driver Development Wizard so that I can install it on a Windows 8 (or higher) machine?
 

INF Files generated by the Driver Development Wizard (DDW) to bind devices to NI-VISA are not signed when they are created. Windows 8 (or higher) computers require INF files to be signed before they can be installed onto a machine. 

Follow these steps to install an INF that is generated by the DDW onto a Windows 8 (or higher) machine:

1. Generate a catalog (.cat) from the INF.
  1. Open command prompt as an Administrator.
  2. Navigate to the directory containing the Inf2Cat tool.
  3. Using the following command, create the file.
Syntax: Inf2Cat /driver:<path> /os:<os1>[,<os2>]...

<path>: Path to the directory that contains the INF. The INF file must be in a directory (e.g. cannot be a stand-alone file in the C drive). The INF already contains the name of the .cat file to generate.

<osn>: The OS to support: e.g. 2000, XP_X86, Vista_X64, 7_X86, 8_X64, 10_X86, 10_X64, etc. 

Output: If the <path> contains an *.inf file, this command will create a corresponding *.cat file next to it.
2. Obtain or create a certificate that can be used to sign the *.cat.
  • You should contact a Certificate Authority (CA) to obtain a certificate that you can use to sign all your drivers and INFs. A certificate typically has a pair of keys, public and private. The public key is distributed to clients who need to use the signed binary/INF. The private key is only available to the owner of the certificate and is used to sign anything that needs to be signed. The private key should be protected and not distributed. The public key has enough information to verify the certificate owner. There is usually an annual fee that needs to be paid to the CA to obtain and use the certificate from them.
  • Alternatively, a personal certificate (extension .pfx, in this case) can be generated using a variety of third-party applications such as Adobe Reader, the Java SDK, and openssl for Linux distributions. To learn more about creating a personal test certificate, please see Microsoft's MakeCert Test Certificate page.
3. Sign the .cat using the certificate.

Navigate to the directory containing the SignTool from the command prompt.

Syntax: signtool sign options <filename(s)>

Examples:
  • If the private/public key pair is in a file (in .pfx format):    
       signtool sign /f C:\mycertificate.pfx /p mypfxpassword c:\mycatfile.cat
  • If the key is installed on the dev machine:
       signtool sign /n mycertificatename C:\mycatfile.cat

4. Install the public certificate onto the target Windows 8 machine before installing the INF.
  1. Right-click the public certificate (*.cer created by third party application) and select Install Certificate.
  2. In the dialog that shows up, select Local Machine and press Next.
  3. In the following dialog, choose Place all certificates in the following store, press the Browse button and choose Trusted Root Certification Authorities from the list.
  4. Press OK to go back to the import wizard and press Next. Press Finish. Press OK when prompted with the confirmation dialog.
To view the certificates installed on the system, use the following steps:
  1. Run the mmc command to launch the Microsoft Management Console.
  2. From the menu, choose File » Add/Remove Snap-in...
  3. In the dialog, click on Certificates and press the Add button in the middle of the dialog.
  4. In the dialog that shows up, choose the Computer account radio button and press Next and Finish.
  5. Press OK.
In the MMC, you can now see the certificates installed for the current user. The certificate that was imported needs to be under Trusted Root Certification Authorities. If it is not, you can right-click Certificates (Current User) and then choose Find Certificates.... Once it is found, you can copy (or cut) and paste it under Trusted Root Certification Authorities.
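
The four steps above as a PowerShell script, with a thumbprint check before the certificate is added to Trusted Root Certification Authorities and a signature check on the catalog afterwards. This is an added example, not NI or Microsoft code: the function names, C:\MyDriver, mydevice.cat and the thumbprint placeholder are assumptions, and /fd SHA256 is a SignTool option that the article's own examples do not use.

```powershell
# Added example; paths, file names and function names are placeholders.
$ErrorActionPreference = 'Stop'
$kit = 'C:\Program Files (x86)\Windows Kits\8.0\bin\x86'   # WDK tool folder named in the article

function Invoke-Tool($Exe, [string[]]$ToolArgs) {
    # Send tool output to the console so it does not mix with function return values.
    & (Join-Path $kit $Exe) @ToolArgs | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

# Development machine, steps 1-3. Returns the signer thumbprint to record.
function New-SignedCatalog($DriverDir, $CatName, $Pfx, $Os = '8_X64') {
    # Quote the arguments: PowerShell would split an unquoted comma-separated /os list.
    Invoke-Tool 'Inf2Cat.exe' @("/driver:$DriverDir", "/os:$Os")
    $cat = Join-Path $DriverDir $CatName
    # Prompt for the PFX password so it is not stored in the script or in shell history.
    $sec = Read-Host 'PFX password' -AsSecureString
    $pw  = (New-Object System.Net.NetworkCredential('', $sec)).Password
    Invoke-Tool 'signtool.exe' @('sign', '/fd', 'SHA256', '/f', $Pfx, '/p', $pw, $cat)
    (Get-AuthenticodeSignature -FilePath $cat).SignerCertificate.Thumbprint
}

# Target machine (elevated prompt), step 4, then confirm the catalog validates.
function Install-CatalogCertificate($Cer, $Cat, $ExpectedThumbprint) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Cer
    # Anything placed in Trusted Root is trusted machine-wide, so check it first.
    if ($cert.Thumbprint -ne $ExpectedThumbprint) {
        throw "Refusing to trust ${Cer}: thumbprint $($cert.Thumbprint) is not the expected one"
    }
    Import-Certificate -FilePath $Cer -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    $sig = Get-AuthenticodeSignature -FilePath $Cat
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
        throw "Catalog signature check failed: $($sig.Status)"
    }
    $sig.Status
}

# Development machine:
#   $thumb = New-SignedCatalog 'C:\MyDriver' 'mydevice.cat' 'C:\mycertificate.pfx'
# Target machine, with the thumbprint recorded above (placeholder shown):
#   Install-CatalogCertificate 'C:\mycertificate.cer' 'C:\MyDriver\mydevice.cat' '<RECORDED-THUMBPRINT>'
```

Only the .cer goes to the target machine; the .pfx holds the private key and stays on the development machine.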

If your device appears as an HID-compliant device after you can see the certificates installed, please recreate the *.inf file but keep the device manufacturer and model name blank.

Additional Information

1. Generate a catalog (.cat) from the INF.
This can be done by using the Inf2Cat tool that is provided by Microsoft via the Windows Driver Kit (WDK), not to be confused with the Windows SDK (Software Development Kit). This tool is typically installed at: C:\Program Files (x86)\Windows Kits\8.0\bin\x86. Please make sure to use WDK V8.0 for support in Windows 8 and WDK V10 for support in Windows 10.
For more information about the OS support, see Microsoft Dev Zone: Inf2Cat (external link).

2. Obtain or create a certificate that can be used to sign the *.cat.
  • A certificate typically has a pair of keys, public and private. The public key is distributed to clients who need to use the signed binary/INF. The private key is only available to the owner of the certificate and is used to sign anything that needs to be signed. The private key should be protected and not distributed. The public key has enough information to verify the certificate owner. There is usually an annual fee that needs to be paid to the CA to obtain and use the certificate from them.
  • If you aren’t distributing the INF to your customers and only need to use it on your own machine, you may want to create a 'personal' test certificate. This certificate, along with the private key, can be installed on a development machine where you will generate the *.cat file and sign it using that certificate.
  • Add the key to the certificate and then export the certificate.
3. Sign the .cat using the certificate.

Once the *.cat file is generated and the private certificate is installed on a development machine, the *.cat file can be signed using that certificate. Microsoft provides a tool for signing INFs, called SignTool, with the WDK. It is located in the same folder as the Inf2Cat tool: C:\Program Files (x86)\Windows Kits\8.0\bin\x86. Please note that the WDK may require a certain version of Visual Studio to use the SignTool. This requirement will be listed on the WDK download page.

Additionally, there is another tool available from the Windows Platform SDK. After installing the Windows 7 SDK, the tool will be located at: C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin.

4. Install the public certificate onto the target Windows 8 machine before installing the INF.
Once the *.cat file is signed with the private key, the *.inf file, the signed *.cat file and the public certificate can be distributed together to install the chain of certificates up to a 'Trusted Root CA'. If it is a personal certificate, it needs to be installed. If the certificate was obtained from a CA, it already has a trust installed as a 'Trusted Root'.


Please Note:
Windows 8 (or higher) requires INF files to be signed before they can be installed onto the machine. Windows 7 does not require this. For testing purposes, if you are using a USB device with NI-VISA, you can try on Windows 7 using the instructions on the USB Instrument Control Tutorial page.