Certificate Requirements Question

%3CLINGO-SUB%20id%3D%22lingo-sub-2448689%22%20slang%3D%22en-US%22%3ECertificate%20Requirements%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2448689%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20in%20the%20process%20of%20replacing%20my%20expiring%20code%20signing%20certificate%20and%20am%20finding%20that%20the%20CA%20will%20no%20longer%20issue%20certs%20with%20%22only%22%202048%20bit%20encryption%20(their%20minimum%20is%20now%203072%20but%20I'd%20probably%20want%20to%20just%20go%20to%204096).%26nbsp%3B%20In%20looking%20around%20the%20Microsoft%20documentation%2C%20I%20don't%20see%20any%20reference%20to%20minimum%20or%20maximum%20encryption%20used%2C%20nor%20any%20reference%20to%20if%20things%20like%20SHA512%20may%20be%20used.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20would%20guess%20yes%20in%20both%20cases%2C%20but%20wanted%20to%20ask%20here%20first%20before%20completing%20the%20purchase.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2472540%22%20slang%3D%22en-US%22%3ERe%3A%20Certificate%20Requirements%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2472540%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F146612%22%20target%3D%22_blank%22%3E%40TIMOTHY%20MANGAN%3C%2FA%3E%26nbsp%3BThis%20might%20be%20something%20we%20look%20into%20in%20the%20future%20but%20we%20currently%20have%20no%20plans%20to%20use%3CSPAN%3E%26nbsp%3BSHA512.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
MVP

I am in the process of replacing my expiring code signing certificate and am finding that the CA will no longer issue certs with "only" 2048 bit encryption (their minimum is now 3072 but I'd probably want to just go to 4096).  In looking around the Microsoft documentation, I don't see any reference to minimum or maximum encryption used, nor any reference to if things like SHA512 may be used. 

 

I would guess yes in both cases, but wanted to ask here first before completing the purchase.

2 Replies

Hi @TIMOTHY MANGAN This might be something we look into in the future but we currently have no plans to use SHA512. 

@Dian Hartono 

So I have learned a little more in researching.

  • The increased bit length for the encryption appears to work both in signtool and AppInstaller for files signed with a 4096 bit RSA.
  • The desire to move past 2048 bits appears to be coming from the browser folks.

The bit length increase appears to be to make it harder for someone to break that encryption.  In our use in code signing, this means that it would become harder for a third party to fake sign a manipulated package with something that looks like our key.  I am not too worried about that, but the increased CPU consumption for verification is OK.

 

But I am concerned over the hashing algorithm used with SHA256.  Mostly because of the way that is abused to generate the PublisherID.  The fact that only small part of the hash bits are used seems unnecessarily scary; it seems to be more of a "security by obscurity" play than any real benefit. Moving to SHA512, or at least supporting signing that uses it, may make sense in the future and seems like it should be possible without breaking anything. Getting rid of this oddity of PublisherID as part of the "package family name" altogether as part of the package uniqueness might be a better improvement to help with the package upgrade scenario [discussed What is PackageFamilyName in MSIX and why do I need to know? – Confessions of a Guru (tmurgent.com) ] when the cert must be changed out.