Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for SHA256 code signing #685

Closed
tonyedgecombe opened this issue Feb 11, 2016 · 5 comments
Closed

Support for SHA256 code signing #685

tonyedgecombe opened this issue Feb 11, 2016 · 5 comments
Assignees
@bjorkstromm
Labels
Improvement
Milestone
v0.17.0

Comments

@tonyedgecombe
Copy link
Contributor

As of 1st January Microsoft no longer accepts SHA1 certificates for code signing.

The existing Sign code does not support SHA256 signing and timestamps.

The required options are:

/fd File digest algorithm
/tr RFC 3161 compatible time stamp server
/td Timestamp digest algorithm
/as Append signature (to enable signing for XP and Vista)
@swanitzek
Copy link

I have the same problem.

Even appening the required argument via the ArgumentBuilder isn't possible because the order of the arguments passed to signtool matters.

A valid command line for signing a file with SHA256 looks like this:

signtool.exe SIGN /sha1 "<THUMBPRINT>" /fd sha256 "File.exe"

A possible workaround is to prepare the correct argument string manually and call signtool.exe directly.

@patriksvensson
Copy link
Member

@swanitzek You can slso return a new ProcessArgumentBuilder from the ArgumentCustomization lambda and rewrite all parameters that way.

@bjorkstromm
Copy link
Member

@patriksvensson, mind if I take a stab on this one? Needed to sign using sha256 today, and doing the ArgumentCustomization dance was a ugly workaround.

@devlead
Copy link
Member

devlead commented Oct 21, 2016

@mholo65 Perfect I've assigned this issue to you.

bjorkstromm added a commit to bjorkstromm/cake that referenced this issue Oct 21, 2016
@bjorkstromm
(cake-buildGH-685) Adds support for SHA-256 code signing and timestam…
ece23ce 
…ps in SignTool
@bjorkstromm bjorkstromm mentioned this issue Oct 21, 2016
Merged
@gep13 gep13 added this to the v0.17.0 milestone Oct 25, 2016
gep13 pushed a commit to bjorkstromm/cake that referenced this issue Oct 25, 2016
@bjorkstromm @gep13
(cake-buildGH-685) Adds support for SHA-256 code signing and timestam…
6c6d236 
…ps in SignTool
@gep13
Copy link
Member

gep13 commented Oct 25, 2016

Big thanks to @mholo65 for implementing this!

@gep13 gep13 closed this as completed Oct 25, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bjorkstromm bjorkstromm

Labels
Improvement
Projects
None yet
Milestone
v0.17.0
Development

No branches or pull requests
6 participants
@patriksvensson @tonyedgecombe @gep13 @devlead @bjorkstromm @swanitzek