Hello,
I am trying to run my service as Protected on Windows 8.1.
For this I have referred msdn article: https://msdn.microsoft.com/en-us/library/windows/desktop/dn313124(v=vs.85).aspx.
I already tried below ways:
- Signing service binary and dependent non-windows dlls with Test sign certificate-sha1 along with Page hash signing.
- Signing service binary and dependent non-windows dlls with Test sign certificate-sha256 along with Page hash signing.
From tryouts mentioned above, I came across a situation where tryout 1 never worked but I got success in tryout 2.
Below are my queries:
- Is it necessary to sign binaries only with SHA256 certificate to run it as Protected?
- If SHA256 certificate is compulsory, then how one should deal with situation such that if there is dependency of any Windows
redistributable dll(mfc90u.dll) signed with SHA1 certificate? Do I need to recompile project with Visual studio 2012 or above and keep certificate hash of redistributable files in ELAM resource section? - If answer to first query is FALSE, then please help me to understand possible cause behind failure when I used test sign SHA1 certificate?
- If binaries are dual signed(SHA1 and SHA256 certificates), do I need to keep hash of both certificates in ELAM resource section?
Thanks in advance.