Hi All,
I have been using SHA1 certificate to digitally sign my exes. According to this, Microsoft is about to deprecate SHA1 Code signing certificates and it is recommended to use SHA2 certificate for code signing. But the same page also says that SHA2 certificate is not supported by XP and Vista devices.
I would like to have a single exe that runs on all flavors of Windows above XP. What is the recommended solution to achieve this.
- Is dual signing an exe with SHA1 and SHA256 algorithm recommended ?
- If my exe is signed with SHA2 certificate with digest algorithm set to SHA1, it runs fine on all flavors of windows (above XP). Does this comply with SHA1 deprecation policy ? Does this approach work if my signature is time stamped with a date after 01/01/2016 ?
Thanks in advance.