MPLAB Harmony USB Stack
Using a Code Signing Certificate to Sign Driver Packages

If you make modifications to a driver package and need to re-sign the package, the easiest method is to sign it with a Microsoft Authenticode code signing certificate. This can be done using the following procedure:

  1. Start from a known working driver package .inf file from the latest MPLAB Harmony release.
  2. Modify the .inf file as desired. The .inf file is a plain text file (i.e., editable with a text editor, such as Notepad) that contains installation instructions telling the operating system which driver to use for the hardware, and anything else that may need to occur during the driver installation process. When changing the .inf file device list sections, remove all existing Microchip VID/PIDs before replacing them with your own. The manufacturer and product strings should also be updated as applicable for your device.
  3. Delete the security catalog (.cat) file that is already supplied with the package. After modifying the .inf file, the security catalog file will no longer be valid and you will need to create a new one.
  4. Download the latest version of the Windows Driver Kit (WDK) from Microsoft by visiting: http://msdn.microsoft.com/en-us/library/windows/hardware/gg487428.aspx (Version 8.0 or later is needed; prior versions don’t have awareness of Windows 8 specifics.)
  5. Use the Inf2Cat utility in the WDK to regenerate a new .cat file from the modified .inf file.
    • Inf2Cat is a command line utility. Open a command prompt, navigate to the directory of the inf2cat tool, and then run it at the command line to get a small help/explanation of usage syntax. The program is typically located in the following location: C:\Program Files\Windows Kits\8.0\bin\x64 (or \x86 folder for 32-bit)
    • Typical usage syntax would be similar to the following (all on one line):
        inf2cat /driver:C:\[path to dir with .inf file] /os:XP_X86,XP_X64,Vista_X86,Vista_X64,7_X86,7_X64,8_X86,8_X64,Server2003_X86,Server2003_X64,Server2008_X86,Server2008_X64,Server2008R2_X64,Server8_X64
      Assuming the Inf2Cat utility runs successfully, it will generate a raw .cat file. The .cat file will still need to be signed to be useful.
  6. If your organization does not already have one, purchase a code signing certificate from a Certificate Authority (CA) such as VeriSign (now Symantec Corporation). See Obtaining a Microsoft Authenticode Code Signing Certificate for more details.
  7. Use the signtool.exe utility, along with the signing certificate purchased from the CA, to sign the .cat file. The signtool utility is a small Microsoft program that is distributed in the Windows SDK (and/or in older versions of the WDK, prior to v8.0). The Windows SDK can currently be obtained by visiting: http://msdn.microsoft.com/en-us/windows/desktop/hh852363.aspx
  8. Typical syntax when using the signtool would be as follows, when executed in the directory of the .cat file, assuming the directory to the signtool is in the path, the certificate has a .pfx extension without a password, and the certificate resides on "E:", like a typical USB flash drive:
        signtool sign /v /f "E:\[path to certificate]\[certificate file name].pfx" /t http://timestamp.verisign.com/scripts/timestamp.dll [FileNameToSign.cat]
  9. Verify that the signature has been properly applied using the verify command line option:
        signtool verify /a /pa [FileNameToSign.cat]
     The verify step should report success.
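
A pre-signing check for steps 2 and 3, given here as an added example that is not part of the MPLAB Harmony package or the original page: it scans a modified .inf for leftover vendor IDs and for a stale catalog file before Inf2Cat and signtool are run. The function name, the sample .inf, the placeholder IDs 1234/5678, and the use of 04D8 as the Microchip vendor ID are assumptions.

```python
import re

# Constructed sample .inf (not from any MPLAB Harmony package). 04D8 is assumed
# to be the Microchip vendor ID; 1234/5678 are placeholder IDs.
SAMPLE_INF = r"""
[Version]
Signature="$Windows NT$"
CatalogFile=mydevice.cat

[Manufacturer]
%MFG%=DeviceList,NTamd64

[DeviceList]
%DESC%=DriverInstall, USB\VID_04D8&PID_000A

[DeviceList.NTamd64]
%DESC%=DriverInstall, USB\VID_1234&PID_5678 ; our own device
"""

HWID = re.compile(r"USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})", re.IGNORECASE)

def lint_inf(text, forbidden_vid, files_present):
    """Return problems that should block running Inf2Cat and signtool."""
    problems, catalogs, section = [], [], None
    present = {name.lower() for name in files_present}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # drop comments (quoted ';' not handled)
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        # CatalogFile and CatalogFile.<platform> both name a catalog to regenerate.
        if section == "version" and key.strip().lower().startswith("catalogfile"):
            catalogs.append(value.strip().strip('"'))
        for vid, pid in HWID.findall(line):
            if vid.upper() == forbidden_vid.upper():
                problems.append(f"line {lineno}: leftover VID_{vid.upper()}&PID_{pid.upper()}")
    if not catalogs:
        problems.append("no CatalogFile entry in [Version]")
    for cat in catalogs:
        if cat.lower() in present:
            problems.append(f"stale {cat} present: delete it, then rerun Inf2Cat")
    return problems

if __name__ == "__main__":
    for problem in lint_inf(SAMPLE_INF, "04D8", ["mydevice.inf", "mydevice.cat"]):
        print(problem)
```

An empty result means the .inf names a catalog, that catalog has been deleted from the package directory, and no hardware ID with the rejected vendor ID remains.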

The driver package should now be correctly signed with a Microsoft Authenticode signature. Test it on all target operating systems. Distribute both the .inf file and .cat file together to the end-consumer (along with any other driver package files that may be necessary, which may include .dll files, particularly in the case of the WinUSB driver package). Never distribute the signing certificate that you purchased from the CA. It should be kept in a safe place, out of the hands of the public (the certificate can be reused to sign any number of driver packages, as well as .exe files, which will have some benefits).