Digitally Signed Binaries RRS feed

  • Question

  • I have looked around the Internet but found no definitive answer.

    So SHA1 is obviously on its way out and SHA256 coming in but how will Windows handle digitally signed binaries?

    If I have an application already out on the market using SHA1 digital signatures, how will Windows handle it come 1st Jan 2017? Will it throw up the warnings of "The signature of this file is corrupt or invalid" and "Windows Protected your PC" when run and SmartScreen detects it is SHA1? Meaning I, and many other companies out there would need to re-release a SHA256 signed binary version of our application.

    Or will existing SHA1 applications continue to run uninterrupted and only new applications would need SHA256 signatures?

    Friday, September 30, 2016 4:37 PM

All replies

  • More precisely.

    If I have a SHA1 signed binary (both pre 2016 and during 2016) that isn't downloaded through IE11 or EDGE (so won't get Mark of the Web) how will Windows 7 and up handle it come 1st Jan 2017.

    Will my applications run or will SmartScreen pick them up as being unsafe?

    Wednesday, October 5, 2016 9:41 PM