Query about SHA256 certificate compatibility with Office versions for VBA code signing RRS feed

  • Question

  • Hi. I distribute a Word template signed by a Thawte certificate and have historically supported all versions of Word.

    However, my renewed Thawte code signing certificate is SHA256 rather than SHA1. I have since Googled (or Bing-ed...) and realise that SHA256 is now the new standard and new signings for SHA1 will soon not be trusted.

    So can I check the definitive position on compatibility for the various version of Office (in my case, Word)? I haven't found a page that sets things out clearly.

    Word 2013 and above will be fine - that is clear.

    Word 2010, I understand, needs a hotfix for signing (https://support.microsoft.com/en-us/kb/2598139) but will a user be able to run SHA256 signed code OK or will they need the hotfix too? I don't have access to Word 2010 to check.

    Word 2007 and below, I understand, is hopeless and can never run SHA256, no matter the OS. Presumably this is correct and there is no workaround and never will be?

    Thank you in advance.

    Wednesday, September 9, 2015 12:51 PM