DISCUSSION All Windows
executable files ("desktop" apps) released by Cloanto since 1999 have been signed and timestamped with Microsoft Authenticode technology. In 2014
this was extended to include dual SHA-1 and
SHA-256 hashes (one for legacy
compatibility, the other for increased
security). When you right-click a Windows executable file (e.g. files ending in .exe,
.msi
or .dll) you can select Properties, then Digital Signatures and click on
Details to verify the digital
signature of the file. This allows you to confirm the publisher, the
signature time, and the integrity of the
file. Under Details, the signer name should be "Cloanto Corporation"
and the dialog should say "This digital signature is
OK". If you selected Properties/Digital Signatures on
an executable file and noticed an error message, or no digital signature at
all, or a digital signature not signed by Cloanto Corporation, a verified Nevada, USA, corporation, this may mean that the file is either incomplete or corrupt.
This may have been caused by a download problem, or, for example, by a
malicious modification (a virus program, an
unauthorized download site adding their
adware or malware, etc.), and we recommend
that you download the software again.
Windows Installer (MSI) files are also
signed with Authenticode. As these files do
not support dual signatures, in 2019 the
transition was made from SHA-1 to the more
secure SHA-256. This means that the new
signatures are not recognized on Windows XP
and on Windows Server 2003. Windows 7 and
Windows Server 2008 were extended to support
SHA-256 via Windows Update mechanisms. This
support is built-in on newer versions of
Windows.
Cloanto Corporation also provides digital
signing for trusted partner projects. Where
this is the case, additional publisher
information is included in the
documentation.
Microsoft Store provides additional
mechanisms for signing and verifying apps.
Where this applies, the files may not have
an Authenticode signature. Related Links
| 
