Codesigning only uses SHA1

This topic is 5 years and 8 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

Post by brvzit-pss01 »

Product, version and build: Powershell Studio 2018 5.5.150
32 or 64 bit version of product: x64
Operating system: Windows Server 2016
32 or 64 bit OS: x64

Signing of code uses only SHA1 for *.ps1, *.exe, *.psm1 files.
Powershell Version is v5.
The Signing and the Timestamp algorithm should follow the certificate or Powershell Version.

This topic was addressed here too, but seems not to be fixed yet:
viewtopic.php?f=12&t=12176&p=65604&hilit=sha1#p65604

Post by davidc »

Which signing process are you referring to? The script signing or the packager / MSI signing?

Also verify that your certificate supports SHA-256. If not, it might roll back to SHA-1.
David
SAPIEN Technologies, Inc.

Post by brvzit-pss01 »

Script signing. The certificate is SHA-256 and can be used with Set-AuthenticodeSignature and signtool.exe to sign with SHA-256.

Post by davidc »

We made some changes and are about to release a new build. Please test the signing after the new build is released.
David
SAPIEN Technologies, Inc.

Post by davidc »

The new service release is available. Please update to this build and see if there is a difference if you use the built-in signing.
David
SAPIEN Technologies, Inc.

Post by brvzit-pss01 »

Updating to the new version 5.5.151 doesn't change the behavior. Cert is SHA256, sign-algorithm is SHA1.

Post by davidc »

Can you post a screenshot of your settings under Options->PowerShell?

If you don't want to post on the forum, you can upload it here:

https://www.sapien.com/support/upload
David
SAPIEN Technologies, Inc.

Post by brvzit-pss01 »

Uploaded some files...

Post by davidc »

When I checked the algorithm of the signed files, they both displayed SHA256.

Note: I'm unable to test the certificate attached.
David
SAPIEN Technologies, Inc.

Post by brvzit-pss01 »

How do you test that? - I'm using: "Windows Explorer, right-click, Properties, Digital Signatures". The failing file shows "sha1" as Digest algorithm, like everything signed with PowershellStudio - and only the "self" signed shows "sha256".
ExplorerProperties.jpg
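
Added example, not part of the thread and not SAPIEN's code: a scripted version of the Explorer check described above, which reads the signature block of a signed .ps1 or .psm1 file and reports the file digest algorithm separately from the hash algorithm of the signing certificate. The function name and the sample path are hypothetical; it does not apply to .exe files, whose signature is embedded in the PE file rather than in a text block.

```powershell
# Added example: function name and sample path are hypothetical.
# SignedCms lives in System.Security on Windows PowerShell 5.x.
Add-Type -AssemblyName System.Security

function Get-ScriptSignatureDigest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # A signed script ends with a comment block holding base64 PKCS #7 data.
    $text    = Get-Content -LiteralPath $Path -Raw
    $pattern = '(?s)# SIG # Begin signature block\r?\n(.*?)# SIG # End signature block'
    if ($text -notmatch $pattern) {
        throw "No Authenticode signature block found in '$Path'."
    }

    # Strip the leading '# ' of every line; FromBase64String ignores the line breaks.
    $base64 = $Matches[1] -replace '(?m)^# ', ''
    $cms    = New-Object System.Security.Cryptography.Pkcs.SignedCms
    $cms.Decode([Convert]::FromBase64String($base64))

    foreach ($signer in $cms.SignerInfos) {
        [pscustomobject]@{
            File                   = $Path
            Signer                 = $signer.Certificate.Subject
            # Hash computed over the file content when it was signed:
            # the value Explorer lists as "Digest algorithm".
            FileDigestAlgorithm    = $signer.DigestAlgorithm.FriendlyName
            # Hash the issuing CA used to sign the certificate itself.
            # A SHA-256 certificate does not force a SHA-256 file digest.
            CertSignatureAlgorithm = $signer.Certificate.SignatureAlgorithm.FriendlyName
        }
    }
}

# Usage (hypothetical path): flag any signer whose file digest is still SHA-1.
# Get-ScriptSignatureDigest -Path .\Signed.ps1 |
#     Where-Object { $_.FileDigestAlgorithm -eq 'sha1' }
```

The two properties are independent, so a result with `CertSignatureAlgorithm` of `sha256RSA` and `FileDigestAlgorithm` of `sha1` is consistent with what both posters report.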