[cifs-protocol] Verify Microsoft Catalog Files

Andreas Schneider asn at samba.org
Tue Oct 18 18:46:24 UTC 2016

On Tuesday, 18 October 2016 18:00:47 CEST Bryan Burgin wrote:
> [Dochelp to bcc]
> Hi Andreas,

Hi Bryan,
> I assume that this inquiry is an extension to our discussions with the
> product group re [MS-RPRN] and/or [MS-PAR] and the July patch (that began
> issuing a dialog box to users while installing printer drivers) and the
> "fix" to that problem that was released for Windows 10 last week October
> 11.

yes, this is related to our discussion about MS-PAR.

> You request is for how you obtain a copy of this certificate.  I would like
> to (a) verify that this request is in conjunction with our previous
> discussions and (2) to back up a bit and understand where you are in
> resolving this issue and how you go to the point where you're asking this
> question.  For instance: is this in your pursuit to implement [MS-PAR] or
> is this in relation to [MS-NPRN]?

(1) This is in conjunction with our previous discussion about [MS-PAR].

(2) This is about MS-PAR. Package aware v3/v4 printer drivers ship an .inf 
file and a .cat file. The .cat file is a Microsoft Catalog file. It is a DER 
encoded PKCS#7 certificate with embedded data. The embedded data is a 
Certificate Trust List (CTL).

To be able to verify the Catalog file (the PKCS7 signature) which is shipped 
with a driver I need a copy of the certificate. I guess it is stored in the 
Windows registry.

I guess the Catalog file is validated before the driver gets copied to the 
driver store. But that's probably an additional question. I think we should 
collect questions about MS-PAR and send them to dochelp.


Thanks so far.

Best regards,


Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org

More information about the cifs-protocol mailing list