Matthew Pope
Reputation: 7669
Is there any reason to not generate page hashes for authenticode signing with signtool.exe?
According to this TechNet article on forced integrity checking, there are some circumstances where generating page hashes (the /ph option) is required. There are other circumstances mentioned where pages hashes are recommended for performance reasons.
Given that generating page hashes is optional, it seems logical to conclude that there must be some possible negative consequence for generating page hashes. However, neither the TechNet article nor the signtool.exe documentation the documentation provides no reasons given for why one would choose not to generate page hashes.
Are there any possible negative consequences that can come from generating page hashes for Authenticode signing?
Upvotes: 3
Views: 172
Answers (0)
Related Questions
- "Invalid SHA1 hash format" error calling signtool from msbuild or command line
- How to setup signtool with SHA256 on Windows 7?
- How to embed hash in exe file with signtool.exe
- Why signtool.exe don't support /as option while dual sign SHA2 and SHA1
- Signing C# Assembly in IDE vs with signtool.exe
- Authenticode signature verification - is the slow process. Should I at all?
- Why does SignHash need to know what hash algorithm was used?
- Does an assembly's signature need to be authenticatable?
- Should I sign my DLLs?
- Signing .net assemblies: Is it necessary and what does the added cost get me?