Updated on 2025-07-14 GMT+08:00

Packages for Windows Image Creation

Procedure

Check the integrity of downloaded installation packages during Windows image creation, that is, check whether the packages are tampered with or lost during download.

Verifying the Digital Signature CMS File

  1. Download the required packages to the local PC following Required Software in the Windows image creation section.
  2. Download the following root CA certificate and CRLs from the Huawei support website:

    • CA certificate: Huawei Software Integrity Protection Root CA.der
    • CRLs: HuaweiRootCA.crl, HuaweiCodeSigningCA.crl, HuaweiCodeSigningCA 2.crl, and HuaweiCodeSigningCA 3.crl

  3. Convert the formats of the CA certificate and CRLs from DER to PEM.

    The name of the certificate to convert may differ from that of the downloaded one. Use the actual certificate name.

    • For CRLs:
    openssl crl -inform DER -in "HuaweiRootCA.crl" -out HuaweiRootCaCrl.pem 
    openssl crl -inform DER -in "HuaweiCodeSigningCA 3.crl" -out HuaweiCodeSigningCA3.pem 
    openssl crl -inform DER -in "HuaweiCodeSigningCA 2.crl" -out HuaweiCodeSigningCA2.pem 
    openssl crl -inform DER -in HuaweiCodeSigningCA.crl -out HuaweiCodeSigningCA.pem
    • For the CA certificate:
    openssl x509 -inform DER -in "Huawei Software Integrity Protection Root CA.der" -out HuaweiRootCA.pem

  4. Use Notepad to open the files in 3. Copy and paste the content of HuaweiRootCaCrl.pem, HuaweiCodeSigningCA3.pem, HuaweiCodeSigningCA2.pem, and HuaweiCodeSigningCA.pem sequentially to the end of the content of HuaweiRootCA.pem.
  5. Verify the CMS file.

    openssl cms -verify -inform DER -crl_check_all -in xxxxxxx.iso.cms -content xxxxxx.iso -CAfile HuaweiRootCA.pem -out cmsVerifiedData -binary -purpose any -certsout tmpCertChain.pem
    • xxxxxxx.iso.cms: client CMS file obtained in Table 1
    • xxxxxx.iso: installation package name obtained during image creation

    If a message similar to the following is displayed, the verification is successful:

    CMS Verification successful
    Table 1 CMS verification codes

    Installation Package

    CMS Signature File

    Workspace_HDP_WindowsDesktop_Installer_x.x.x.iso

    Click here to download

    HW.SysAgent.Installer_64.msi

    Click here to download

    HW.SysPrep.Installer_64.msi

    Click here to download

    WKSAppCenterAgent.msi

    Click here to download

    WKSAppCenter.msi

    Click here to download