SHA-1 or SHA-256 for Windows kernel-mode Code Signing

Problem Windows Vista and Server 2008 trigger a security warning for code running in kernel mode if the code was signed with a SHA-256 Authenticode certificate. The current workaround is to use a SHA-1 certificate. However, SHA-1 is being deprecated. Patched versions of Windows 7 and newer versions of Windows operating systems will trigger a security warning for code signed with a SHA-1 certificate after December 31, 2015. Certificate Authorities such as Symantec/Digicert state that they will still issue out SHA-1 Code Signing but “SHA-1 Code Signing certificates have a max expiration date of December 30, 2019.” and will be discontinued there after. Patched Windows 7 and newer versions should be unaffected. Kernel-mode code that is signed with a SHA-256 […]

Read More