Old OSs signing and driver configuring issue

Posted: Tue Aug 20, 2019 10:37 am
by silvershield
Could you please help us with the following issue:
We use MadCodeHook to load 3 DLLs. It has to work on Windows from XP to Win 10.
For driver signing we use a SHA1 digital cert. But our SHA1 cert will expire in a few days, so we will soon have to sign with SHA256, and that will not work on XP and Vista.

Of course we can sign the driver now, while the SHA1 cert is still valid, but when we change the DLLs in the future, they will be signed with the SHA256 cert. Will it work?

Are there any solutions for such an issue? How can we change the DLLs without having to reconfigure and sign the driver?

Or maybe there is some other solution to our problem?

Thank you in advance!

Re: Old OSs signing and driver configuring issue

Posted: Tue Aug 20, 2019 11:47 am
by madshi
Please use either forum or email for support, but not both.

With GlobalSign, I recently bought (renewed) a SHA256 certificate, but I was able to reissue the same certificate as SHA1, as well, so I have both SHA1 and SHA256. For signing, I first sign with SHA1, and then add an SHA256 certificate on top. This seems to make both older and newer OSs happy.
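
The signing order described in the post above, as an added example that is not part of the original thread: a PowerShell script driving `signtool.exe` from the Windows SDK. The driver path, certificate thumbprints and timestamp URLs are placeholders, and it assumes both certificates are installed in the local certificate store.

```powershell
# Added example: dual-sign a file (SHA1 first, SHA256 appended), then verify both.
# All parameter defaults below are placeholders (assumptions), not values from the thread.
param(
    [string]$File              = '.\mydriver.sys',               # hypothetical driver file
    [string]$Sha1CertThumb     = '<SHA1-CERT-THUMBPRINT>',       # cert issued as SHA1
    [string]$Sha256CertThumb   = '<SHA256-CERT-THUMBPRINT>',     # cert issued as SHA256
    [string]$AuthenticodeTsUrl = '<AUTHENTICODE-TIMESTAMP-URL>', # legacy timestamp server
    [string]$Rfc3161TsUrl      = '<RFC3161-TIMESTAMP-URL>'       # RFC 3161 timestamp server
)

function Invoke-SignTool {
    param([string[]]$Arguments)
    & signtool.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "signtool $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Primary signature: SHA1 file digest, legacy Authenticode timestamp.
#    Note: /sha1 selects the certificate by thumbprint; /fd sets the file digest.
#    This must run first: signing without /as replaces any existing signature.
Invoke-SignTool @('sign', '/sha1', $Sha1CertThumb, '/fd', 'sha1',
                  '/t', $AuthenticodeTsUrl, $File)

# 2. Secondary signature: /as appends instead of replacing.
#    SHA256 file digest with an RFC 3161 timestamp that also uses SHA256.
Invoke-SignTool @('sign', '/as', '/sha1', $Sha256CertThumb, '/fd', 'sha256',
                  '/tr', $Rfc3161TsUrl, '/td', 'sha256', $File)

# 3. Verify each signature by index (0 = primary SHA1, 1 = appended SHA256).
#    A missing second signature makes the /ds 1 call fail, which throws.
foreach ($index in 0, 1) {
    Invoke-SignTool @('verify', '/pa', '/ds', "$index", $File)
}
Write-Output "Both signatures present and valid on $File"
```

`/pa` checks against the default Authenticode policy; `signtool verify /kp` checks the kernel-mode driver signing policy instead.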

Re: Old OSs signing and driver configuring issue

Posted: Mon Aug 26, 2019 9:48 am
by silvershield
Thank you!

Re: Old OSs signing and driver configuring issue

Posted: Mon Aug 26, 2019 7:52 pm
by iconic
Another important piece of information to factor in. As of Windows 10 1607, all new versions of Windows you wish to support Secure Boot with will require an EV signed driver and also Microsoft's signature from the dashboard/dev portal. The portal is what actually enforces the EV certificate requirement, not the OS itself. Just keep this in mind if you intend to support Secure Boot.

Source:
https://techcommunity.microsoft.com/t5/ ... a-p/364894


--Iconic