Microsoft authenticode code signing


#1

Dear SketchUp C API experts,

Microsoft has updated and moved forward the deprecation date for SHA-1 as an approved code signing algorithm. These requirements were updated in December 2015 in response to the latest attacks against the SHA-1 algorithm.

Effective January 1, 2016, Microsoft Windows (version 7 and higher) and Microsoft Windows Server will no longer trust new code that is signed with a SHA-1 code signing certificate for Mark-of-the-Web(file downloaded from the Internet) related scenarios and that has been time-stamped with a value greater than January 1, 2016. According to the updated digital code signing requirements, new code must use SHA256 algorithm for File digest, certificate signature algorithm and time stamping signature algorithm. Any digitally signed code not meeting the above requirements will cause Microsoft Windows to present a security warning to the users indicating untrustworthiness of the code.

Could you provide the new SketchUpAPI.dll that is signed with SHA-256? Thank you.


#2

I also post this issue in the following SDK category.


#3

#4