PDA

View Full Version : SignTool and SignCode Information



NewsArchive
02-14-2016, 05:54 AM
All,

Beginning with the next February 2016 maintenance build of SetupBuilder 10,
the default Microsoft Authenticode code-signing method will switch from
SignCode.exe to SignTool.exe. We'll continue to support both tools for
maximum backward compatibility.

As you probably know, you cannot legally redistribute the Microsoft
Authenticode code-signing technology (e.g. SignTool.exe). But SetupBuilder
10 developers can use our small (210 KB) "Get SignTool V10" program
developed with SetupBuilder 10. This software can detect your SetupBuilder
environment and download and install SignTool.exe Version 10.0.10240.16384
from the official Microsoft server directly into your SetupBuilder 10 \Lib
folder.

http://www.lindersoft.com/projects/GetSignTool10.exe

My internal statistic shows clearly that most software developers are still
on Windows 7 <g>. SHA-2 is only partially supported on Windows 7. On most
Windows 7 SP1 machine, dual SHA-1/SHA-2 code-signing fails. It does not
matter whether you are using SignTool.exe version 6.1.7000, 6.1.7600,
6.2.9200, 6.3.9600 or 10.0.20140. SHA-1 in the dual code-signing process
succeeds, but SHA-2 fails.

This is the recipe for dual SHA-1/SHA-2 success:

1. Use SetupBuilder 10.

2. Use Windows 8.x or Windows 10.

3. Use SignTool.exe version 10.0.10240.16384.

4. Make sure Microsoft Capicom is installed and registered.

The following SetupBuilder tool lets you install Capicom (if you need it):
http://www.lindersoft.com/forums/showthread.php?29427-Problem-compiling&p=53010#post53010

5. Follow the "SB10 Tips & Tricks #1: Dual SHA-1/SHA-2 code-signing"
http://www.lindersoft.com/forums/showthread.php?46908

Please note that we cannot provide access to older versions of SignTool.exe
(e.g. 6.1.7000 RC, 6.1.7600, 6.2.9200, or 6.3.9600). It's simply not
allowed.

Friedrich

--
Friedrich Linder
Lindersoft | SetupBuilder | www.lindersoft.com
954.252.3910 (within US) | +1.954.252.3910 (outside US)

--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner