Page 1 of 1
SHA256 Signing Only?
Posted: Tue Aug 09, 2022 4:38 am
by simpsonp
Hi,
I have double code signing (SHA1 and SHA256) set up and working fine through the IA GUI. I see that many Microsoft executables are now only signed with SHA256. Is it possible to configure IA X15 to only sign SHA256 and not to double code sign SHA1 as well? This would certainly save some time on builds!
Thanks, Peter
Re: SHA256 Signing Only?
Posted: Tue Aug 09, 2022 11:48 am
by FrancescoT
Unfortunately this is currently not possible. I'll forward this request to our devs.
Alternatively instead of signing via Authenticode settings, the only option is with signing the generated installer via Build Events.
About this, below you will find an old post released to support double signing when this was not yet available with IA.
https://www.installaware.com/blog/?p=416The above approach is not complex, but of course it isn't simple as enabling the automatic signing via Authenticode settings. In addition, the files part of your installation cannot be signed using the above workaround (these should be already signed).
Hope this helps you.
Re: SHA256 Signing Only?
Posted: Tue Aug 09, 2022 4:38 pm
by simpsonp
Thanks Francesco, I really value the automatic signing of all executables so will stick with double signing for now.
Best wishes, Peter
Re: SHA256 Signing Only?
Posted: Wed Aug 17, 2022 9:39 am
by BartWilson
I've also asked this question in the past given that the timestamp servers that support sha1 signing are slowly being decommissioned. Thus I ended up doing the build event signing inside of the installer as mentioned in the link provided along with running signtool after installer build to sign the installer .exe.
I was hoping to keep using the automated solution but the timestamp servers provided by the company we purchased the certificate from no longer support sha1. I'm leery about hardcoded timestamp servers in our project given I've had two different ones over the past two years stop working because of the double signing.
Re: SHA256 Signing Only?
Posted: Mon Oct 31, 2022 9:05 am
by FrancescoT
This has been introduced with the latest IA x15 minor update v.32.22.
SHA 256-Only Code Signing (Skip SHA-1)
Re: SHA256 Signing Only?
Posted: Wed Nov 02, 2022 1:30 pm
by simpsonp
FrancescoT wrote:This has been introduced with the latest IA x15 minor update v.32.22.
SHA 256-Only Code Signing (Skip SHA-1)
Thanks very much Francesco, the new feature is working brilliantly here and has significantly reduced my large project compile time! Please thank the dev team for me, much appreciated.
Best wishes, Peter
Re: SHA256 Signing Only?
Posted: Fri Feb 23, 2024 11:54 am
by JohnGaver
Terrific to hear that, Peter!