Hi,
I have double code signing (SHA1 and SHA256) set up and working fine through the IA GUI. I see that many Microsoft executables are now only signed with SHA256. Is it possible to configure IA X15 to only sign SHA256 and not to double code sign SHA1 as well? This would certainly save some time on builds!
Thanks, Peter
SHA256 Signing Only?
-
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: SHA256 Signing Only?
Unfortunately this is currently not possible. I'll forward this request to our devs.
Alternatively instead of signing via Authenticode settings, the only option is with signing the generated installer via Build Events.
About this, below you will find an old post released to support double signing when this was not yet available with IA.
https://www.installaware.com/blog/?p=416
The above approach is not complex, but of course it isn't simple as enabling the automatic signing via Authenticode settings. In addition, the files part of your installation cannot be signed using the above workaround (these should be already signed).
Hope this helps you.
Alternatively instead of signing via Authenticode settings, the only option is with signing the generated installer via Build Events.
About this, below you will find an old post released to support double signing when this was not yet available with IA.
https://www.installaware.com/blog/?p=416
The above approach is not complex, but of course it isn't simple as enabling the automatic signing via Authenticode settings. In addition, the files part of your installation cannot be signed using the above workaround (these should be already signed).
Hope this helps you.
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
Re: SHA256 Signing Only?
Thanks Francesco, I really value the automatic signing of all executables so will stick with double signing for now.
Best wishes, Peter
Best wishes, Peter
-
- Posts: 31
- Joined: Mon Mar 01, 2021 9:01 am
Re: SHA256 Signing Only?
I've also asked this question in the past given that the timestamp servers that support sha1 signing are slowly being decommissioned. Thus I ended up doing the build event signing inside of the installer as mentioned in the link provided along with running signtool after installer build to sign the installer .exe.
I was hoping to keep using the automated solution but the timestamp servers provided by the company we purchased the certificate from no longer support sha1. I'm leery about hardcoded timestamp servers in our project given I've had two different ones over the past two years stop working because of the double signing.
I was hoping to keep using the automated solution but the timestamp servers provided by the company we purchased the certificate from no longer support sha1. I'm leery about hardcoded timestamp servers in our project given I've had two different ones over the past two years stop working because of the double signing.
-
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: SHA256 Signing Only?
This has been introduced with the latest IA x15 minor update v.32.22.
SHA 256-Only Code Signing (Skip SHA-1)
SHA 256-Only Code Signing (Skip SHA-1)
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
Re: SHA256 Signing Only?
FrancescoT wrote:This has been introduced with the latest IA x15 minor update v.32.22.
SHA 256-Only Code Signing (Skip SHA-1)
Thanks very much Francesco, the new feature is working brilliantly here and has significantly reduced my large project compile time! Please thank the dev team for me, much appreciated.
Best wishes, Peter
Re: SHA256 Signing Only?
Terrific to hear that, Peter!
John Gaver
InstallAware Skunkworks
InstallAware Multi Platform - Liberating DEB/RPM/PKG/MSI(X) into universal native setups!
Get your free copy today - https://www.installaware.com/installaware-multi-platform.htm
InstallAware Skunkworks
InstallAware Multi Platform - Liberating DEB/RPM/PKG/MSI(X) into universal native setups!
Get your free copy today - https://www.installaware.com/installaware-multi-platform.htm
Who is online
Users browsing this forum: Majestic-12 [Bot] and 29 guests