>>msk-ly+Md
That "signing" has always been bullshit security theater. You'll note that every other graphics API manages just fine without it. I'm glad somebody posted the "signing" algorithm out in the open.
>>atq211+Tp
Putting a pseudo-MD5 hash in your file header sounds like someone got confused and wound up caught between over-elaborate integrity check and half-hearted security measure.
It sort of works if your signing tool is part of a private console SDK, but the DirectX SDK was always freely available.