search

Yubico / yubikey-piv-manager

Tool for configuring your PIV-enabled YubiKey
https://developers.yubico.com/yubikey-piv-manager/
GNU General Public License v3.0
42 stars 7 forks source link

Latest 1.2.1 authenticode signed with SHA1 digest #10

Closed vcsjones closed 7 years ago

vcsjones commented 8 years ago

The Windows version of the prebuilt binary for 1.2.1 is signed with a SHA256 certificate, but the file digest algorithm of the signature is still SHA1. Likewise, so is the timestamp digest algorithm.

It appears that the latest build of Windows 10 (on the fast ring) no longer allows signatures where the file digest algorithm is SHA1, causing it to warn that the signature is invalid.

screen shot 2016-04-10 at 8 31 35 pm

Regardless of whether or not this change reaches Windows stable, I'd recommend re-releasing this with a dual SHA1 / SHA256 signature.

dainnilsson commented 8 years ago

Thanks, I suspect this affects several of our Windows builds, which should all be signed using SHA256. Should be a simple fix...