{"id":4102,"date":"2016-03-01T20:00:18","date_gmt":"2016-03-01T19:00:18","guid":{"rendered":"http:\/\/www.samlogic.net\/blog\/?p=4102"},"modified":"2019-07-07T18:12:48","modified_gmt":"2019-07-07T18:12:48","slug":"visual-installer-now-supports-sha-2-and-dual-code-signing","status":"publish","type":"post","link":"https:\/\/www.samlogic.net\/blog\/2016\/03\/visual-installer-now-supports-sha-2-and-dual-code-signing\/","title":{"rendered":"Visual Installer now supports SHA-2 and dual code signing"},"content":{"rendered":"

\"\"Since January 1, 2016, Windows 7 and newer Windows will no longer trust software that is signed with a SHA-1<\/strong> code signing certificate, if the software is downloaded from the Internet and the software is time-stamped with a value greater than January 1, 2016. This means that if you code sign a binary file (for example an EXE file) this year and uses SHA-1 as a hash algorithm, it will not be trusted in newer Windows. Instead you must use a SHA-2<\/strong> (SHA-256<\/strong>) code signing certificate; then the binary file will be trusted by Windows 7 and newer. You can read more about this in the following articles on Microsoft’s website:<\/p>\n

><\/span><\/strong> Windows Enforcement of Authenticode Code Signing and Timestamping<\/a>
\n><\/span><\/strong> Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program<\/a><\/p>\n

Updated Visual Installer<\/strong>
\nWe have updated our installation tool Visual Installer<\/a> to support SHA-2 (SHA-256) when it code signs a setup package. We have also updated Visual Installer to support dual signing, so you can code sign a setup package with both SHA-1 and SHA-2. This is very useful if you have software that should be able to run also in older Windows (for example in Windows XP). By code signing a setup package twice, first with SHA-1 and then with SHA-2, your code sign certificate will be useful in both older Windows and newer Windows.<\/p>\n

How to change hash algorithm from SHA-1 to SHA-2<\/strong>
\nIn Visual Installer you can change the hash algorithm from SHA-1 to SHA-2, for an existing project, by following the steps below:<\/p>\n

1<\/strong>. Start Visual Installer
\n2<\/strong>. Open your project
\n3<\/strong>. Choose the Special – Setup options<\/strong> menu item
\n4<\/strong>. Open the Code Signing<\/strong> tab in the Setup options<\/strong> dialog box
\n5<\/strong>. Open the Option<\/strong> sub tab
\n6<\/strong>. Select the Use SHA-2<\/strong> option<\/p>\n

\"Code<\/p>\n

7<\/strong>. Close the dialog box<\/p>\n

If your minimum system requirements is Windows 7, you can use SHA-2 as a hash algorithm. But if you also want to support older Windows, follow the steps below:<\/p>\n

How to dual sign a setup package (SHA-1 and SHA-2)<\/strong>
\n1<\/strong>. Start Visual Installer
\n2<\/strong>. Open your project
\n3<\/strong>. Choose the Special – Setup options<\/strong> menu item
\n4<\/strong>. Open the Code Signing<\/strong> tab in the Setup options<\/strong> dialog box
\n5<\/strong>. Open the Option<\/strong> sub tab
\n6<\/strong>. Select the Use SHA-1 and SHA-2 (recommended)<\/strong> option<\/p>\n

\"Code<\/p>\n

7<\/strong>. Close the dialog box<\/p>\n

When you open your project file<\/strong>
\nIf you have installed the latest version of Visual Installer 2015<\/strong> (version 10.5.16<\/strong> or later) and opens a project file, you may see this message box when you open your project:<\/p>\n

\"Update<\/p>\n

It is recommended to answer yes, so the latest version of Microsoft’s code signing tool is used when a setup package is code signed. If you want to dual sign a setup package, you must have a quite new version of the code signing tool. You can read more in this blog post<\/a>.<\/p>\n

Available in Visual Installer 2015 version 10.5.16 and later<\/strong>
\nThe functionality described above is available in Visual Installer 2015<\/strong> version 10.5.16<\/strong> and later; in both the Standard and Professional versions of Visual Installer. If you have an active 1 or 12 months maintenance plan<\/a> for Visual Installer 2015, you can download this update for free from our download page.<\/p>\n

See also<\/strong>
\n><\/span><\/strong> What is SHA-1 and SHA-2 and what\u2019s the difference between them?<\/a>
\n><\/span><\/strong> How to code sign a setup package (Visual Installer tip)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Since January 1, 2016, Windows 7 and newer Windows will no longer trust software that is signed with a SHA-1 code signing certificate, if the software is downloaded from the Internet and the software is time-stamped with a value greater than January 1, 2016. This means that if you code sign a binary file (for … <\/p>\n

Continue reading “Visual Installer now supports SHA-2 and dual code signing”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[10,15],"tags":[],"_links":{"self":[{"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/posts\/4102"}],"collection":[{"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/comments?post=4102"}],"version-history":[{"count":2,"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/posts\/4102\/revisions"}],"predecessor-version":[{"id":6047,"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/posts\/4102\/revisions\/6047"}],"wp:attachment":[{"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/media?parent=4102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/categories?post=4102"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.samlogic.net\/blog\/wp-json\/wp\/v2\/tags?post=4102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}