
SHA 256 Support For Symantec Code Signing Certificates is Here

Created: 17 Apr 2013 • Updated: 17 Apr 2013 • 1 comment
Leelin Thye

Secure Hash Algorithm 256 (SHA-2 or SHA-256) support on Symantec Code Signing for Individuals and Symantec Code Signing for Organizations is available starting April 1st, 2013 on the following Symantec Code Signing platforms: Microsoft® Authenticode™, Java™, Adobe® Air® and Microsoft® Office Visual Basic® for Applications (VBA). You will be able to select the SHA-2 option through the ordering pages, the reissue process and the Application Programming Interface (API) for QuickOrder, QuickInvite and Reissue.

SHA-2 was published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard.

Please note that some older applications and operating systems do not support SHA-2; for example, Windows™ XP Service Pack 2 or lower does not support the use of SHA-2. For SHA-2 support on Java servers, Java SDK 1.4.2 or higher needs to be installed and used on the server.

If you are using a Windows environment, please refer to the following blog for SHA-2 deployment: http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx

Please refer to http://docs.oracle.com/javase/1.4.2/docs/guide/security/CryptoSpec.html for SHA-2 deployment on Java servers.

In addition, Apache™ version 2.x or higher is required to support SHA-2 on Apache-based servers, and OpenSSL 1.1.x will be required for certificate signing request and private key generation.

SHA-2 support is available to you as an option for securing your code signing certificates. Please select the secure hash algorithm that is aligned with your corporate policy.

Comments

AFranklin

Thank you for this enhancement!

Just to clarify one point, Windows XP SP3 does not support SHA-2 Authenticode certificates, even though it provides limited SHA-2 support elsewhere:

"...the S/MIME signed e-mail verification and the Authenticode signature verification do not support the SHA2 hashing algorithms on a computer that is running Windows XP SP3."

http://support.microsoft.com/kb/968730/en-us (see the "More Information" section), and http://blogs.technet.com/b/pki/archive/2011/02/08/common-questions-about-sha2-and-windows.aspx

So as a publisher of an Authenticode-signed ClickOnce app, I'm having to use SHA-1 until a larger portion of my clients upgrade from XP.
