Login
`
Templates, Tools and Utilities
|
||
Icetips Article
Back to article list
Search Articles
Add Comment
Printer friendly
Direct link
Setup Builder from Lindersoft: Dual SHA-1/SHA-2 code-signing 2015-10-06 -- Friedrich Linder SB10 Tips & Tricks #1: Dual SHA-1/SHA-2 code-signingIt has been some time since we've had the "Tips & Tricks" column. Many people have asked me for tips on how to do this and that, so I figured I would share some with you here. The first in this new series of tips and tricks explains how you can handle dual SHA-1/SHA-2 (SHA-256) code-signing with SetupBuilder. Background: Organizations need to develop a migration plan for SHA-1 code signing certificates that expire after January 1, 2016. To support older Windows operating systems (e.g. Windows XP, Vista, early Windows 7 versions) and modern Windows systems (Windows 8.x and later) after 1 January 2016, you have to dual SHA-1/SHA-2 code-sign all your application files and setups using Microsoft Authenticode compatible time stamp and RFC 3161 compliant trusted time stamp servers (SHA-2 compatible code-signing certificate is required). SHA-2 (SHA-256) was created by the National Institute of Standards and Technology (NIST) to replace SHA-1 after mathematical weaknesses were discovered in the algorithm. For the past few years, network security experts have warned that certificates using the SHA-1 hashing algorithm will soon be in danger of being hacked due to consistent advancements in computing technology.How to handle dual code-signing with SetupBuilder 10?
January 19, 2016 Friedrich has commented that "you need Windows 8.0 or later to handle "dual" code-signing. Even Windows 8.0 does not work rock solid. I would suggest to use Windows 8.1 or Windows 10." Click on the images below to open them full size in a viewer. Today is May 19, 2024, 9:18 am This article has been viewed 35134 times.
|
|