

Calling USB Functions

Calling USB functions will fail unless the application a user uses for calling the functions is signed and the Teradici USB service trusts the application.

Signing the Client Application¶

The application must be signed in a way that is trusted by the OS. To check this:

Right click on the executable.
Select the Signature tab.
Verify the signature is valid.

Wile developing the application the signing process may be incorporated into the build process, either in the build script or as a post-build task in the IDE. If a self-signed certification is being used for testing purposes, it must be added to the trusted root CAs to enable the OS to trust it.

Enabling the Signed Application to be trusted by the USB Service¶

The registry key for the Teradici USB service is located at HKLM\System\CurrentControlSet\Services\fusbhub. Within this folder there is a subkey called Issuers. That value contains the SHA512 hashes of ASN.1 encoded public keys of all trusted signers.

In order to make the USB service trust the application, the SHA512 hash of the ASN.1 encoded public key of the certificate used to sign the application must be added. The hash of the certificate public key may be obtained using the CryptHashPublicKeyInfo Windows API.

Final Version Installer

The installer of the final version must add the hash of the signor for the final application to the Issuers registry value.

There is an additional value that may be created under parameters for debugging purposes. It is a string value named LogDir. If this value exists the USB service will create a log file that may help identify access issues. If the value is empty, the log will be created in the same folder as the USB service executable.