[wix-users] MSI Signing

Gerhard Matzen gmatzen at osisoft.com
Sat Apr 15 12:24:39 PDT 2017


To support older operating systems, our company does sha1 one signing of MSIs using a sha2 certificate.



Sent from my Verizon, Samsung Galaxy smartphone


-------- Original message --------
From: Walter Dexter <wfdexter at gmail.com>
Date: 4/15/17 6:17 AM (GMT-08:00)
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] MSI Signing

I don't know anything about it in this context but generally speaking SHA1 is considered broken/deprecated.

> On Apr 15, 2017, at 6:08 AM, Christopher Painter <chrpai at iswix.com> wrote:
>
> I recently obtained an SHA256 certificate and have gone down the path of dual signing / time stamping all of my EXE and DLLs.  I then attempted to dual sign my MSI and got an error saying it isn't supported.
>
>
> I did a google search and found very little information and conflicting opinions.  If you can only single sign is it better to sign with SHA1 or SHA256?
>
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/



More information about the wix-users mailing list