Why can't certificates with SHA1 hash algorithm be used to sign the appx file?

    Question

  • Hi,

    I want to sign my appx file with a client certificate which adheres to the SHA1 algorithm for sideloading purposes.

    When I try signing it, I get an error - Specified algorithm cannot be used or is invalid.

    Why can't certificates with SHA1 hash algorithm be used to sign the appx file?

    Thanks

    Tuesday, April 21, 2015 10:28 AM

All replies

  • I can't find documentation that says it can't be SHA-1, but I found this:

    The algidHash member of the SIGNER_SIGNATURE_INFO structure must be the same hash algorithm that was used in creating the app package. For info about how to determine the hash algorithm from the app package, see How to sign an app package using SignTool.  The Windows 8 default algorithm that MakeAppx and Visual Studio use to create app packages is “algidHash = CALG_SHA_256”.

    https://msdn.microsoft.com/en-us/library/windows/desktop/jj835834(v=vs.85).aspx

    If you were to create the app package using SHA-1, it might work.  Why do you want to do this?


    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Tuesday, April 21, 2015 3:31 PM
    Moderator
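
The documentation quoted in the reply above requires the signing hash to match the one the package was created with. As an added example (not from the thread or from Microsoft), this Python code reads the `HashMethod` attribute of a package's `AppxBlockMap.xml` and maps it to the value SignTool's `/fd` option takes; the function names are hypothetical and the sample package is constructed in memory.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# HashMethod URIs found in AppxBlockMap.xml and the matching SignTool /fd value.
HASH_METHOD_TO_FD = {
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384": "SHA384",
    "http://www.w3.org/2001/04/xmlenc#sha512": "SHA512",
}


def package_hash_algorithm(appx):
    """Return the /fd name for the hash an .appx (path or binary file) was built with."""
    with zipfile.ZipFile(appx) as pkg:
        try:
            raw = pkg.read("AppxBlockMap.xml")
        except KeyError:
            raise ValueError("not an app package: AppxBlockMap.xml is missing") from None
    # Standard-library parser; for packages from untrusted sources a hardened
    # parser such as defusedxml is the safer choice.
    root = ET.fromstring(raw)
    method = root.get("HashMethod")
    if root.tag.rsplit("}", 1)[-1] != "BlockMap" or method not in HASH_METHOD_TO_FD:
        raise ValueError(f"unrecognised block map or HashMethod: {method!r}")
    return HASH_METHOD_TO_FD[method]


def check_signing_hash(appx, requested_fd):
    """Return (matches, actual): does the requested digest equal the package's own?"""
    actual = package_hash_algorithm(appx)
    return actual == requested_fd.upper(), actual


def constructed_sample_package():
    """Build a minimal stand-in package in memory (constructed, not a real app)."""
    blockmap = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<BlockMap xmlns="http://schemas.microsoft.com/appx/2010/blockmap" '
        'HashMethod="http://www.w3.org/2001/04/xmlenc#sha256"/>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxBlockMap.xml", blockmap)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    ok, actual = check_signing_hash(constructed_sample_package(), "SHA1")
    print(f"requested SHA1, package uses {actual}, match={ok}")
```

Running the check before signing shows a digest mismatch up front instead of as a signing failure.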
  • Thanks for your reply.

    How can I create the app package using SHA-1? I need to sign the appx file with a certificate which adheres to the SHA-1 hash algorithm.

    Wednesday, April 22, 2015 2:40 AM
  • In the package.appxmanifest, go to Packaging.  There's a button that says "Choose certificate". Click on that and choose the certificate you want to sign the package with when you build it.

    Looking at the pre-installed certificate for a random app that I opened indicates that the default is a SHA-256 certificate.

    Matt Small - Microsoft Escalation Engineer - Forum Moderator

    Wednesday, April 22, 2015 5:23 PM
    Moderator