Microsoft Windows SHA-1 & SHA-2 Code Signing Hash Algorithm Support

General Information ID:    INFO3199    Updated:    12/18/2015

Description

The following table provides information on Microsoft Windows operating system and code signing supporting SHA-1 & SHA-2 hash algorithm.

Operating System SHA-256 Support Up through Dec. 31, 2015 Jan. 1 - Dec. 31, 2016 Jan. 1, 2017 +

Windows Vista

Limited: https://support.microsoft.com/en-us/kb/2763674


User Mode: SHA1, limited SHA256 download/install support with patch.

Kernel Mode: SHA1 ONLY

User Mode: SHA1, limited SHA256 download/install support with patch.

Kernel Mode: SHA1 ONLY


User Mode: SHA1, limited SHA256 download/install support with patch.

Kernel Mode: SHA1 ONLY

Windows Server 2008

Limited: https://support.microsoft.com/en-us/kb/2763674


User Mode: SHA1, limited SHA256 download/install support with patch.

Kernel Mode: SHA1 ONLY

User Mode: SHA1, limited SHA256 download/install support with patch.

Kernel Mode: SHA1 ONLY


User Mode: SHA1, limited SHA256 download/install support with patch.

Kernel Mode: SHA1 ONLY

Windows Server 2008 R2

With update: https://technet.microsoft.com/en-us/library/security/2949927

User & Kernel Mode: SHA1, SHA256 with hotfix


User & Kernel Mode: SHA256 with hotfix.

Windows continues to verify SHA1 signed code which has been timestamped prior to Jan. 1, 2016.

 

User & Kernel Mode: SHA256 only (with hotfix).

Windows no longer trusts any SHA1 signed code.

 

Windows 7

With update: https://technet.microsoft.com/en-us/library/security/2949927

User & Kernel Mode: SHA1, SHA256 with hotfix

 

User & Kernel Mode: SHA256 with hotfix.

Windows continues to verify SHA1 signed code which has been timestamped prior to Jan. 1, 2016.


User & Kernel Mode: SHA256 only (with hotfix).

Windows no longer trusts any SHA1 signed code.

 

Windows Server 2012 Yes User & Kernel Mode: SHA1, SHA256 with hotfix


User & Kernel Mode: SHA256.

Windows continues to verify SHA1 signed code which has been timestamped prior to Jan. 1, 2016.


User & Kernel Mode: SHA256 only.

Windows no longer trusts any SHA1 signed code.

Windows 8 Yes User & Kernel Mode: SHA1, SHA256

 

User & Kernel Mode: SHA256.

Windows continues to verify SHA1 signed code which has been timestamped prior to Jan. 1, 2016.

User & Kernel Mode: SHA256 only.

Windows no longer trusts any SHA1 signed code.

Windows 10 Yes User Mode: SHA1, SHA256.

Kernel Mode: EV Code Signing cert + Microsoft Submission

 

User Mode: SHA256. Windows continues to verify SHA1 signed code which has been timestamped prior to Jan. 1, 2016.

Kernel Mode: EV Code Signing cert + Microsoft Submission

User Mode: SHA256 only.
Windows no longer trusts any SHA1 signed code.

Kernel Mode: EV Code Signing cert + Microsoft Submission

Java

Yes
SHA1, SHA-256

Recommended to use only SHA-256


Recommended to use only SHA-256

Adobe Air Yes
SHA1, SHA-256

Recommended to use only SHA-256


Recommended to use only SHA-256

 

Microsoft TechNet:
http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx
 

Symantec Dual Signing knowledge base solution:
https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=INFO2274&actp=search&viewlocale=en_US

Contact Support

Find Answers