Being on Windows 10 Quick Ring, I got weird behavior in my own installation executables:
I have signed SHA-1 with Authenticode since years, and never had any problems.
Recently, Windows 10 does not recognize my (valid) signatures.
When downloading the setup.exe file from my site and executing it, a Windows SmartScreen message box appears and tells me:
...
Publisher: unknown
...
When viewing the properties of the just downloaded installation executable, it shows the signature and tells me that the signature is valid.
In addition, the entire certificate chain is valid.
I sign it like this:
SignTool.exe sign /v /t http://timestamp.verisign.com/scripts/timstamp.dll
/f "my-authenticode.pfx" /p "my-password" "my-setup.exe"
( )
:
- ( ) ?
:
:
Windows 10 Fast Ring . ( Windows Server 2008 R2 ).- Windows 10 Fast Ring .
1:
MSDN 2013 , , , - , , .
: , Authenticode, .
, SmartScreen - / ?
, / SignTool.exe?
2:
-Fast Ring Windows 10 SmartScreen .
, SO, .
, Symantec, :
Windows Vista 64-bit Windows 7 . , "-" , Microsoft.
, .
, .
3:
GSerg " Authenticode " Microsoft TechNet.
.
, - SHA-1. SHA-2/SHA-256, Thawte.
SmartScreen Windows 10, .
DigiCert, , , SmartScreen . , Thawte, .
Windows Vista, , SHA-256. TechNet , .
4:
. SO, SmartScreen .
DigiCert - , , , ( EV) ( ).
5:
. SmartScreen, , .
, (SHA-1 SHA-256) SmartScreen.
/ :
, , "thawte" - SHA-1.
, SmartScreen, , , .
6:
" RoHS SHA-2?" , SHA-256.
Authenticode DigiCert. .
, SmartScreen .
, Thawte Authenticode DigiCert Authenticode.
SHA-256 , DigiCert.