How to setup signtool with SHA256 on Windows 7?
I have been using SHA1 signing for many years, but from 2016, Windows is forcing developers to use SHA256.
Windows Enforcement of Authenticode Code Signing and Timestamping
By using Windows 7 SDK signtool the functions to sign SHA-256 is "unknown commands", so this signtool is obsolete as a signtool and shouldn't be used any more.
To sign with SHA256 I downloaded the Windows 8.1 SDK to get signtool.exe which got the new functions(/fd and a few others). The BAT file and signtool works on Windows 8 and 10, so I know it works, but crashes on Windows 7 when it tries to timestamp the file.
I use a bat file to sign files, which looks like this(I edited the BAT file so it doesn't show variables, full paths, company name and passwords):
Path\signtool.exe sign /f "Path\Certificate.p12" /fd sha256 /p *password* /du "URL" /tr "timestampServer?td=sha256" /td sha256 /d "Product name" "Filename"
I guess, I don't have the proper SDK to support some of the functions, but I can't find any info on the internet on how to setup this on a Windows 7. I tried to install MS Visual C++ 2015 Redistributable (x64) on my machine without solving the problem.
Seems I'm no good at reading. I'm answering my own question as others could find it hard to find, just like I did.
Windows doesn't support the signtool.exe on Windows 7 any more, so that is why old/obsolete functions like SHA-1 signing is still working, but SHA-256 time stamping is a problem. I found this on MSDN:
Quote from MSDN: Note You can only use SignTool to sign your Windows Store app packages on Windows 8 and later or Windows Server 2012 and later. You can't use SignTool to sign app packages on down level operating systems such as Windows 7 or Windows Server 2008 R2.
If you want to read the whole thing then look here:
- How can I get the number of CPU cores in Powershell?
- how to set help utility for my own command in batchfile?
- Facing Android Studio Emulator Error with AMD CPU [2021]
- Does Delphi treat .exe files differently based on filename length?
- A Windows-compatible C IDE that will be able to compile FFmpeg?
- How can I hook Windows functions in C/C++?
- Run a .cmd file through PowerShell
- Is there a portable C compiler for windows?
- WriteConsoleOutputCharacter not working properly
- On Windows what is the difference between Git Bash vs Windows Power Shell vs Command prompt
- tmux no server running on /tmp/tmux-*/default - Windows msys2 terminal
- Specify compiler NVCC uses to compile host-code
- Why could DDK successfully compile an invalid source file?
- How to get the path of the batch script in Windows?
- Windows Batch: Get file Path without overlaying folders from bat file
- Tracing all functions in my program
- How to find out if an MSI I just installed requested a Windows reboot?
- Error: ANDROID_HOME is not set and "android" command not in your PATH. You must fulfill at least one of these conditions.
- Cygwin compiling error: "this application has requested the runtime to terminate it in an unusual way"
- Running SSH Agent when starting Git Bash on Windows
- Extracting .jar file with command line
- Set font and font size in R Console programmatically?
- Is it secure to use a password argument in a Windows command?
- Unable to start program - Access is denied error in Visual Studio
- Chocolatey was not upgrading package to the latest version until I manually specified the version
- Low level mouse hook - mouse freeze on breakpoint
- Windows batch file - splitting a string to set variables
- How to detect when the delete key is pressed on the keyboard?
- Pasting commands after `timeout` doesn't execute them in cmd
- How to install ripgrep on Windows?