When you code sign an installation, you can choose which hash algorithm to use: SHA-1, SHA-2, or both. We recommend choosing both hash algorithms (the Use SHA-1 and SHA-2 option in the Setup options dialog box) if your software will sometimes be installed on older versions of Windows, such as Windows XP.
If the minimum system requirement for your software is Windows 7, you can choose SHA-2.
Choosing only SHA-1 is not recommended, because newer versions of Windows (such as Windows 10) no longer consider this hash algorithm safe, and extra warning messages may be shown, for example in Windows 10, when the installation starts or when the software is downloaded.
When the Use SHA-1 and SHA-2 option is chosen, Visual Installer first code signs the setup package using the SHA-1 algorithm and then code signs the setup package again using the SHA-2 algorithm.
Important
If you want to use the Use SHA-1 and SHA-2 option when you code sign installation packages, you must have specified a file path to version 6.3 or newer of the signtool.exe program file. Older versions of signtool.exe do not support dual code signing.
If you have installed the Windows 8.1 SDK on your computer, version 6.3 of signtool.exe is located in this file path:
C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe
If you have installed the Windows 10 SDK on your computer, an even newer version of signtool.exe is available in this file path:
C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe
If you don't have the Windows 8.1 SDK or the Windows 10 SDK installed, we recommend that you download and install one of these SDKs to get access to version 6.3 or later of the signtool.exe program file.
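The two-pass signing order and the signtool.exe version requirement described above, written out as an added PowerShell example (it is not Visual Installer's own code and not part of the original page). The setup path, certificate subject name and time-stamp URLs are placeholders, and SHA-256 is assumed as the SHA-2 variant.

```powershell
# Added example: manual dual signing with signtool.exe.
# Assumptions/placeholders: $Setup, $Subject, $TsaLegacy, $TsaRfc3161.
$SignTool   = 'C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe'
$Setup      = 'C:\Build\setup.exe'                        # hypothetical setup package
$Subject    = 'Example Publisher'                         # hypothetical certificate subject name
$TsaLegacy  = 'http://timestamp.example.com/authenticode' # placeholder time-stamp URL
$TsaRfc3161 = 'http://timestamp.example.com/rfc3161'      # placeholder RFC 3161 time-stamp URL

# Returns $true only if the file exists and its file version is at least $Minimum.
function Test-SignToolVersion {
    param([string]$Path, [version]$Minimum = '6.3')
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $info  = (Get-Item -LiteralPath $Path).VersionInfo
    $found = [version]::new($info.FileMajorPart, $info.FileMinorPart)
    return $found -ge $Minimum
}

# Runs signtool.exe and stops the script on a non-zero exit code.
function Invoke-SignTool {
    param([string[]]$Arguments)
    & $SignTool @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "signtool failed ($LASTEXITCODE): $($Arguments -join ' ')"
    }
}

if (-not (Test-SignToolVersion -Path $SignTool)) {
    throw "signtool.exe 6.3 or newer is required for dual signing: $SignTool"
}

# Pass 1: primary signature with a SHA-1 file digest (for older Windows).
Invoke-SignTool @('sign', '/n', $Subject, '/fd', 'sha1', '/t', $TsaLegacy, $Setup)

# Pass 2: /as appends a second signature with a SHA-256 file digest.
# Without /as, this call would replace the SHA-1 signature instead of adding to it.
Invoke-SignTool @('sign', '/n', $Subject, '/as', '/fd', 'sha256',
                  '/tr', $TsaRfc3161, '/td', 'sha256', $Setup)

# Check: /all verifies every signature in the file, so both passes are validated.
Invoke-SignTool @('verify', '/pa', '/all', '/v', $Setup)
```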