2

Microsoft states:

Effective January 1, 2016, Windows (version 7 and higher) and Windows Server will no longer trust any code that is signed with a SHA-1 code signing certificate and that contains a timestamp value greater than January 1, 2016

Does this mean:

  1. that executables (drivers etc.) signed using a certificate whose "Signature hash algorithm" is sha1 won't be trusted?
  2. that executables (drivers etc.) signed using sha1 as the "Digest algorithm" signature won't be trusted (even if the "Signature hash algorithm" of the certificate used is sha256)?
  3. Both?
  4. Something completly different?

Note: I used terminology as it is in Windows.

Second questions is about this part in the link provided above:

Code signature File Hashes: Microsoft does not require these file hashes to be done using SHA-2. Windows will also not enforce policies on these hashes. If pre-image attacks on SHA-1 become feasible we will reevaluate how the system trusts signatures made with such file hashes.

What exactly is ment by "Code signature File Hashes"?

Thanks.

bayo
  • 687
  • 3
  • 11
  • Related question: 2015-01-03: [*Deprecation of SHA1 code signing certificates on Windows*](https://security.stackexchange.com/questions/109629/deprecation-of-sha1-code-signing-certificates-on-windows) – StackzOfZtuff Jan 04 '16 at 14:28

1 Answers1

1

It means that:

  • Between the 01/01/2016 and the 01/01/2017 for code signing certificate using the SHA-1 algorythm, executable signed with a time stamp dating on or before the 31/12/2015 will be accepted, executable signed on or after the 01/01/2016 will NOT be accepted.
  • On and after 01/01/2017, all certificate used for code signing will be required to use SHA-2.

This only applies to the hash algorythm used by the CA to validate the code signing certificate when it is issued (it's part of the certificate properties, not the code signature itself).

"Code signature file hash" is the process used by the tool used to sign the executable to perform the digital signature: it takes the original code file (without the signature, obviously), pass it through the hash function (the one we're talking about), and sign the resulting hash value with the code signing certificate (usually, adding a secure time stamp).

That "code signature file hash" is not required to be updated. It means that, for the time being, you can use the same signature process and tools and simply replace your code signing certificate.

Stephane
  • 18,557
  • 3
  • 61
  • 70