Forum Discussion
Can't sign my driver with sha384 EV code signing certificate
Hello, our company renew EV code signing certificate, and now it has sha384 algorithm, our driver correct pass all HLK tests, and after it i have signed my *.hlkx result with this certificate, but mi...
I correct sign driver in HLK, all tests are passed, but after i can't upload my *.hlkx result to microsoft, because i have error: "Microsoft allows SHA2 only signature algorithm. Please re-sign with a valid certificate and submit again", i have bought certificate on sectigo.com, and now they provide sha384 algorithm, because sha256 is deprecated, but microsoft can't accept this *.hlkx signed with this certificate.
https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/update-a-code-signing-certificate
- Deleted, you have signed driver thougth HLK? I've signed drivers about five years, and i know how to buy certificate, how to pass HLK tests, and how to upload *.hlkx to microsoft partner center, but now sectigo.com provide me sha384 certificate and sign *.hlkx result using HLK studio with this certificate, but microsoft partner center don't accept this result, because my certificate is not sha256 😞
https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/update-a-code-signing-certificate
- Starting from May 28, 2021, 14:00 MDT (20:00 UTC), DigiCert will require 3072-bit RSA keys or larger for code signing certificates. This change is to comply with industry standards. These new RSA key size requirements apply to the complete certificate chain: end-entity, intermediate CA, and root. ECC key requirements however remain unchanged.
So how can i choose SHA256 when i sign my *.hlkx result from HLK STUDIO ?