3

I wanted to dual sign my exe so that the XP and Vista users can use the software. But when i dual sign the exe with SHA1 and SHA256 timestamps, In windows7 only 1 timestamp is shown.

enter image description here

To dual sign I used signtool of windows sdk 8.1 and my certificate is of SHA256 and the signer pc contains the windows server 2012 R2. And I dual signed using the command...

signtool.exe sign /n "certificate name"  /t http://timestamp.comodoca.com /v foo.exe

signtool.exe sign /n "certificate name" /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 /as /v foo.exe

The dual signing is working perfectly on windows8 and above OS's. Did I left anything? or doing wrong some where? Please help me on this.

IT researcher
  • 143
  • 1
  • 4
  • 3
    Is the Windows 7 up to date? Windows 7 won't recognize SHA256 signatures (just like XP) unless https://technet.microsoft.com/en-us/library/security/3033929 is applied. – bayo May 31 '16 at 08:36
  • thank you for the reply. yes i installed the update and it's working now.. – IT researcher May 31 '16 at 11:39

1 Answers1

5

Windows 7 doesn't support SHA256 signatures by default. You need to apply this update, in order to get the desired functionality.

bayo
  • 687
  • 3
  • 11