Creating Certificates for USB Storage Devices

The Enhanced Storage Certificate Management tool can create a self-signed certificate that is imported to an IEEE 1667-compliant USB storage device. The specifications for the certificate are stored within either a text (.txt) or initialization (.ini) file and must contain the following entries:

  [certificate]
  Subject=SubjectString
  SignatureAlgorithm=[RSASSA-PSS-SHA1|
                      RSASSA-PSS-SHA256|
                      RSASSA-PSS-SHA384|
                      RSASSA-PSS-SHA512|
                      RSASSA-PKCS1_5-SHA1|
                      RSASSA-PKCS1_5-SHA256|
                      RSASSA-PKCS1_5-SHA384|
                      RSASSA-PKCS1_5-SHA512]
  KeyType=RSA
  KeyStrength=[1024|2048|3072]
  ExpirationDate=mm/dd/yy
  [SelfSigned=[YES|NO]]
  [OrganizationName=OrgNameString]
  [OrganizationUnit=OrgUnitString]
  [CompanyLocation=LocationString]
  [State=StateString]
  [ZipCode=ZipCodeString]
  [Country=CountryString]

Entries

Subject
This required entry specifies the certificate name for the subject. This name must comply with the X.509 standard.

SignatureAlgorithm
This required entry specifies the algorithm that is used to digitally sign the certificate. The signature algorithms are described in the following table.

SignatureAlgorithm value | Description
RSASSA-PSS-SHA1 | The RSASSA-PSS digital signature that uses the 160-bit SHA-1 hashing algorithm.
RSASSA-PSS-SHA256 | The RSASSA-PSS digital signature that uses the 256-bit SHA-256 hashing algorithm.
RSASSA-PSS-SHA384 | The RSASSA-PSS digital signature that uses the 384-bit SHA-384 hashing algorithm.
RSASSA-PSS-SHA512 | The RSASSA-PSS digital signature that uses the 512-bit SHA-512 hashing algorithm.
RSASSA-PKCS1_5-SHA1 | The RSASSA-PKCS1_5 (PKCS#1 version 1.5) digital signature that uses the 160-bit SHA-1 hashing algorithm.
RSASSA-PKCS1_5-SHA256 | The RSASSA-PKCS1_5 digital signature that uses the 256-bit SHA-256 hashing algorithm.
RSASSA-PKCS1_5-SHA384 | The RSASSA-PKCS1_5 digital signature that uses the 384-bit SHA-384 hashing algorithm.
RSASSA-PKCS1_5-SHA512 | The RSASSA-PKCS1_5 digital signature that uses the 512-bit SHA-512 hashing algorithm.

KeyType
This required entry specifies the key type for the subject. Starting with Windows 7, this entry must have a value of RSA.

KeyStrength
This required entry specifies the strength of the key, which is given by its length in bits (1024, 2048, or 3072).

SelfSigned
This optional entry specifies whether the certificate is to be self-signed by the Enhanced Storage Certificate Management tool. If this entry is not specified, the tool signs the certificate when it is created.

Note: Starting with Windows 7, a value of NO is not supported. If NO is specified, the tool issues an error message.

ExpirationDate
This required entry specifies the end of the validity period for the certificate. The certificate is valid from the date it is created to the specified expiration date.

OrganizationName
This optional entry specifies the name of the organization that is publishing the certificate for the subject.

OrganizationUnit
This optional entry specifies the name of the business unit within the organization that is publishing the certificate for the subject.

CompanyLocation
This optional entry specifies the street address of the company that is publishing the certificate for the subject.

State
This optional entry specifies the state or province for the location of the company that is publishing the certificate for the subject.

ZipCode
This optional entry specifies the postal code for the location of the company that is publishing the certificate for the subject.

Country
This optional entry specifies the country/region for the location of the company that is publishing the certificate for the subject.

Comments

The first entry in the certificate specification file must be the [certificate] label.

Entries for the certificate specification are case-sensitive but can be specified in any order.
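The following validator is an added example and is not part of the Enhanced Storage Certificate Management tool; it checks a specification file against the format above and the two rules just stated (the [certificate] label first, case-sensitive entry names in any order) before the file is handed to the tool, and flags SHA-1 signature algorithms as a warning. The sample specification embedded in it is constructed for illustration.

```python
from datetime import date, datetime
# Allowed values are the ones listed in the specification format above.
SIGNATURE_ALGORITHMS = {f"RSASSA-{pad}-{h}" for pad in ("PSS", "PKCS1_5")
                        for h in ("SHA1", "SHA256", "SHA384", "SHA512")}
KEY_STRENGTHS = {"1024", "2048", "3072"}
REQUIRED = ("Subject", "SignatureAlgorithm", "KeyType", "KeyStrength", "ExpirationDate")
OPTIONAL = ("SelfSigned", "OrganizationName", "OrganizationUnit",
            "CompanyLocation", "State", "ZipCode", "Country")
# Constructed sample specification (not taken from the original page).
SAMPLE_SPEC = """[certificate]
Subject=CN=Example USB Drive
SignatureAlgorithm=RSASSA-PKCS1_5-SHA256
KeyType=RSA
KeyStrength=2048
ExpirationDate=12/31/30
Country=US
"""

def validate_spec(text, today=None):
    """Return 'error: ...' / 'warning: ...' strings for a certificate specification file."""
    problems, e, today = [], {}, today or date.today()
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # The [certificate] label must come first; entry names are case-sensitive, any order.
    if not lines or lines[0] != "[certificate]":
        problems.append("error: first entry must be the [certificate] label")
    for ln in lines[1:]:
        key, sep, value = (part.strip() for part in ln.partition("="))
        if not sep or key not in REQUIRED + OPTIONAL:
            problems.append(f"error: unknown or malformed entry (case-sensitive): {ln!r}")
        else:
            e[key] = value
    problems += [f"error: missing required entry: {k}" for k in REQUIRED if k not in e]
    alg = e.get("SignatureAlgorithm", "")
    if "SignatureAlgorithm" in e and alg not in SIGNATURE_ALGORITHMS:
        problems.append(f"error: unsupported SignatureAlgorithm: {alg}")
    elif alg.endswith("-SHA1"):
        problems.append("warning: SHA-1 signatures are deprecated; prefer SHA-256 or stronger")
    if "KeyType" in e and e["KeyType"] != "RSA":
        problems.append("error: KeyType must be RSA (Windows 7 and later)")
    if "KeyStrength" in e and e["KeyStrength"] not in KEY_STRENGTHS:
        problems.append("error: KeyStrength must be 1024, 2048 or 3072")
    if e.get("SelfSigned", "YES") != "YES":
        problems.append("error: SelfSigned=NO is not supported (Windows 7 and later)")
    if "ExpirationDate" in e:
        try:  # mm/dd/yy; the certificate is valid from creation until this date
            if datetime.strptime(e["ExpirationDate"], "%m/%d/%y").date() <= today:
                problems.append("error: ExpirationDate must be after the creation date")
        except ValueError:
            problems.append("error: ExpirationDate must use mm/dd/yy")
    return problems
```

A fused line such as KeyType=RSAKeyStrength=2048 is reported twice, as a bad KeyType value and as a missing KeyStrength entry, which is the symptom to look for when a specification file fails to load.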

For more information about how to create a certificate to import to an IEEE 1667-compliant USB storage device, see the -New parameter of the /Add and /Replace switches of the Enhanced Storage Certificate Management tool.