PDA

View Full Version : Resolution on dual signing after Jan 2016?



NewsArchive
12-09-2015, 01:13 PM
Hi Friedrich,

I was wondering if you were able to come to any confirmation if dual signed
program files that are signed after Jan 2, 2016 will cause a problem on the
latest operating systems?
I want to be able to help my clients decide which way they should go.

Thanks,
Rick

NewsArchive
12-10-2015, 02:43 AM
Hi Rick,

> I was wondering if you were able to come to any confirmation if dual
> signed program files that are signed after Jan 2, 2016 will cause a
> problem on the latest operating systems?
> I want to be able to help my clients decide which way they should go.

For developers targeting Windows Vista and Server 2008, some Certificate
Authorities will be allowed to continue issuing SHA-1 code signing
certificates. So my interpretation is that it will still be possible to
handle "dual" code-signing after January 1, 2016 to support both legacy and
modern Windows operating systems.

It is expected that dual code-signed programs do not cause problems on
modern Windows operating systems.

Effective January 1, 2016, Windows 7 and higher and Windows Server will no
longer trust any code that is signed with a SHA-1 (only) code signing
certificate and that contains a timestamp value greater than January 1,
2016.

We plan to support dual code-signing until January 1, 2017 (or longer, if
possible).

Friedrich

NewsArchive
12-10-2015, 10:35 AM
Thanks, Friedrich

Rick Martin