We need to sign a DLL file with SHA1 & SHA2 (to obtain, prior to Win XP SP3, a signing cert with SHA1, and for post Win XP SP3 OSes the highest security of SHA2). I found an article that says to do something like the below, but I can't get it to work (to show 2 certs in Win 8). For an example of what I mean by a dual-signed DLL, look at the certificate on System.Data.dll in the .NET Framework 4.0 on Windows 8, and you'll see a SHA1 & SHA2 certificate in the properties window.
Signtool sign /fd sha256 /ph /as /sha1 XX...XX $(TargetPath)
http://msdn.microsoft.com/en-us/library/windows/hardware/hh967734(v=vs.11).aspx
Does anyone know how to do this? Thanks! -jp
To sign your add-in with your own certificate, you first need to purchase a digital signature from a digital certificate vendor. Once you obtain a certificate (cer) or Personal Information Exchange (pfx) file, you can sign your DLL(s) using signtool.
It is a recommended security practice to sign all binaries that you ship and validate their signatures at runtime. If your DLLs are to be used by other products, then you must sign them, as those products will want to verify their authenticity and integrity.
I figured this out. Below is how you do this. Hope this helps someone else out:
signtool sign /fd sha1 /f sha1cert.pfx /p password file.dll
signtool sign /as /fd sha256 /f sha2cert.pfx /p password file.dll
* You have to use at least a VS2012 developer command prompt for SHA2 signing.
Key point is using the /as switch on the secondary sign step to "append signature". If you don't include that, it'll just overwrite the first signature.
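The two-step procedure above, as an added PowerShell example that is not part of the original answer. It wraps the two signtool calls (adding a timestamp to each signature, which the answer omits but which you want so the signatures outlive the certificates), then checks the result without trusting the Explorer properties dialog: it reads the PE security directory, decodes the Authenticode PKCS#7 blob with .NET's SignedCms, and reports the file-digest algorithm of the primary signature plus every nested signature stored under the szOID_NESTED_SIGNATURE attribute (1.3.6.1.4.1.311.2.4.1), which is where /as puts the appended signature. Assumed: signtool.exe from a Windows 8 or later SDK is on PATH, the .pfx paths, password and timestamp URL are placeholders you replace, and the function names are my own.

```powershell
# Added example (not from the original answer or from Microsoft). Assumes
# signtool.exe (Windows 8+ SDK) is on PATH; certificate paths, password and
# timestamp server are placeholders.

function Invoke-DualSign {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Sha1Pfx,
        [Parameter(Mandatory)] [string] $Sha2Pfx,
        [Parameter(Mandatory)] [string] $Password,
        [string] $TimestampUrl = 'http://timestamp.digicert.com'   # placeholder, any RFC 3161 / Authenticode TSA
    )
    # Primary signature: SHA-1 file digest, legacy Authenticode timestamp (/t).
    & signtool sign /fd sha1 /f $Sha1Pfx /p $Password /t $TimestampUrl $Path
    if ($LASTEXITCODE -ne 0) { throw "SHA-1 signing failed (exit $LASTEXITCODE)" }

    # Secondary signature: /as appends instead of overwriting the first one;
    # RFC 3161 timestamp with a SHA-256 digest (/tr, /td).
    & signtool sign /as /fd sha256 /f $Sha2Pfx /p $Password /tr $TimestampUrl /td sha256 $Path
    if ($LASTEXITCODE -ne 0) { throw "SHA-256 append-signing failed (exit $LASTEXITCODE)" }
}

function Get-AuthenticodeDigestAlgorithms {
    # Returns the file-digest algorithm name of each Authenticode signature
    # in the PE (primary first, then nested ones), independent of the OS UI.
    param([Parameter(Mandatory)] [string] $Path)
    Add-Type -AssemblyName System.Security   # SignedCms lives here on .NET Framework

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)           # e_lfanew
    if ([BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) { throw "Not a PE file: $Path" }

    $optHdr = $peOffset + 24                                     # 4-byte "PE\0\0" + 20-byte COFF header
    $magic  = [BitConverter]::ToUInt16($bytes, $optHdr)          # 0x10B = PE32, 0x20B = PE32+
    # Data directories start at offset 96 (PE32) or 112 (PE32+) in the optional
    # header; IMAGE_DIRECTORY_ENTRY_SECURITY is entry 4, each entry is 8 bytes.
    $dirBase   = if ($magic -eq 0x20B) { $optHdr + 112 } else { $optHdr + 96 }
    $secOffset = [BitConverter]::ToUInt32($bytes, $dirBase + 4 * 8)      # file offset, not an RVA
    $secSize   = [BitConverter]::ToUInt32($bytes, $dirBase + 4 * 8 + 4)
    if ($secSize -eq 0) { return @() }                           # unsigned binary

    # WIN_CERTIFICATE: dwLength(4) wRevision(2) wCertificateType(2) bCertificate[]
    $certLen = [BitConverter]::ToUInt32($bytes, $secOffset)
    $pkcs7   = New-Object byte[] ([int]($certLen - 8))
    [Array]::Copy($bytes, [int]($secOffset + 8), $pkcs7, 0, [int]($certLen - 8))

    $cms = New-Object System.Security.Cryptography.Pkcs.SignedCms
    $cms.Decode($pkcs7)
    $algs = @($cms.SignerInfos[0].DigestAlgorithm.FriendlyName)

    # Signatures appended with /as are carried as unsigned attributes of the
    # primary SignerInfo (szOID_NESTED_SIGNATURE), each a full PKCS#7 message.
    foreach ($attr in $cms.SignerInfos[0].UnsignedAttributes) {
        if ($attr.Oid.Value -ne '1.3.6.1.4.1.311.2.4.1') { continue }
        foreach ($value in $attr.Values) {
            $nested = New-Object System.Security.Cryptography.Pkcs.SignedCms
            $nested.Decode($value.RawData)
            $algs += $nested.SignerInfos[0].DigestAlgorithm.FriendlyName
        }
    }
    return $algs
}

# Usage (placeholders):
# Invoke-DualSign -Path .\file.dll -Sha1Pfx .\sha1cert.pfx -Sha2Pfx .\sha2cert.pfx -Password 'password'
# Get-AuthenticodeDigestAlgorithms -Path .\file.dll
```

After a successful dual sign, Get-AuthenticodeDigestAlgorithms returns one entry per signature, the outer SHA-1 one first; if you forgot /as on the second step it returns a single sha256 entry, because the first signature was overwritten. The same check with the stock tooling is `signtool verify /pa /all /v file.dll`, which walks every nested signature; note that Get-AuthenticodeSignature in PowerShell only reports the primary signature, so it cannot tell you whether the append worked.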