Code Signing Migration from SHA-1 to SHA256

Effective January 1, 2016, Windows (version 7 and higher) and Windows Server will no longer trust new code that is signed with a SHA-1 code signing certificate for Mark-of-the-Web related scenarios (e.g. files containing a digital signature) and that has been time-stamped with a value greater than January 1, 2016. This cut-off date applies to the code-signing certificate itself.

What this means:

Any new distribution of our products (i.e. Terian ICP, Terian IDC) that are code signed and time stamped from 01/Jan/2016 onwards will no longer appear as coming from a verified publisher, i.e. like this…

TerianICP_Install_UAC_Signed

SHA256 Certificate:

Fortunately GoDaddy provides both SHA-1, and SHA256 code signing certificates. So newer versions of Windows can be supported with the new SHA256 certificate ensuring our applications still appear to be from a verified published.

Dual Certificate Code Signing:

To ensure we maintain backward compatibility with older versions of windows all new distributions will be code signed with both the SHA-1, and SHA256 certificates, like this…

Terian ICP Properties Dialog displaying SHA1, and SHA256 Digital Signatures

SHA-1 Deprecation:

Once SHA-1 has been fully deprecated we will most likely transition to only signing our code with the SHA256 certificate. Hopefully by this time our requirement to ensure 100% support on older systems will be reduced.

More information regarding Windows Enforcement of authenticode Code Signing can be found here

2 thoughts on “Code Signing Migration from SHA-1 to SHA256

  1. Pingback: Terian Image Capture Pro v3.00 Released | Journey from Code to Sales

  2. Pingback: Terian ID Creator v1.12 Released | Journey from Code to Sales

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s