From dd1e62ebcd62338b2cf16ebab6157c9e74416a0e Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sat, 16 Jan 2016 16:50:33 +0100
Subject: [PATCH] Windows: Add SHA-256 EV Code Signing using the new GlobalSign
 certificate on top of the SHA-1 code signing. Create new SHA256 test code
 signing certificate and update test signing script.

---
 src/Signing/GlobalSign_R1Cross.cer            |  26 +++++++++++++
 .../GlobalSign_Root_CA_MS_Cross_Cert.crt      |  30 +++++++++++++++
 .../GlobalSign_SHA256_EV_CodeSigning_CA.cer   | Bin 0 -> 1155 bytes
 .../idrix_SHA256TestRootCA.crt                |  35 ++++++++++++++++++
 .../TestCertificate/idrix_Sha256CodeSign.pfx  | Bin 0 -> 3243 bytes
 src/Signing/sign.bat                          |  13 ++++---
 src/Signing/sign_test.bat                     |  12 ++++--
 7 files changed, 106 insertions(+), 10 deletions(-)
 create mode 100644 src/Signing/GlobalSign_R1Cross.cer
 create mode 100644 src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt
 create mode 100644 src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer
 create mode 100644 src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt
 create mode 100644 src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx

diff --git a/src/Signing/GlobalSign_R1Cross.cer b/src/Signing/GlobalSign_R1Cross.cer
new file mode 100644
index 00000000..9274e71e
--- /dev/null
+++ b/src/Signing/GlobalSign_R1Cross.cer
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXTCCA0WgAwIBAgILBAAAAAABJQcd+a8wDQYJKoZIhvcNAQELBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wOTExMTgxMDAw
+MDBaFw0xOTAzMTgxMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD
+QSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCV2kHkGeCIW9cCDtoTK
+KJ79BXYRxa2IcvxGAkPHsoqdBF8kyy5L4WCCRuFSqwyBR3Bs3WTR6/Usow+CPQwr
+rpfXthSGEHm7OxOAd4wI4UnSamIvH176lmjfiSeVOJ8G1z7JyyZZDXPesMjpJg6D
+FcbvW4vSBGDKSaYo9mk79svIKJHlnYphVzesdBTcdOA67nIvLpz70Lu/9T0A4QYz
+6IIrrlOmOhZzjN1BDiA6wLSnoemyT5AuMmDpV8u5BJJoaOU4JmB1sp93/5EU764g
+SfytQBVI0QIxYRleuJfvrXe3ZJp6v1/BE++bYvsNbOBUaRapA9pu6YOTcXbGaYWC
+FwIDAQABo4IBMzCCAS8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOai97i3Ru8MEYGA1UdIAQ/MD0wOwYEVR0g
+ADAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdsb2JhbHNpZ24ubmV0L3JlcG9z
+aXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5u
+ZXQvcm9vdC5jcmwwTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzABhjNodHRwOi8v
+b2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTFNIQTI1NkNBQ3Jvc3MwHwYD
+VR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQELBQADggEB
+AEJSqX6iz1s7y0vduvhXWdMkpHdy72JEN4LtBu4E1RZfJKMU3GxUBWqwmz3agTna
+rSjblW+Bg/XNYrFFJLHdKeUIVJWVjPAdBl8a1kY/E0AXSBEWm0dN0Tq1D1cckjDQ
++LIlOwrN9of5x7JX0z99pYwUzpyox59Gk9pZ+nldZSA1RFpPwZCdwVSSVtw0yPXB
+A9BdwFlInAD8laDx0Xb3FjbIE5J/LSvAuIDxJiYfQU1Svx6XuwGCCOcV9sHVNCrM
+9eTDh3pXgeHW10KGYgF34qnEeob0BDh6B2p9AOxz96gLNHjFnrPvuDhADowzU8h1
+7F8+6nVe/4IOdBXcGQXzujE=
+-----END CERTIFICATE-----
diff --git a/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt b/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt
new file mode 100644
index 00000000..32c4b620
--- /dev/null
+++ b/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFJjCCAw6gAwIBAgIKYSkVJwAAAAAAKjANBgkqhkiG9w0BAQUFADB/MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
+MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBNaWNyb3Nv
+ZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0xMTA0MTUxOTU1MDhaFw0yMTA0
+MTUyMDA1MDhaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
+LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3Qg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvx
+i4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH
+oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4
+bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVt
+bNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlw
+R5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/
+k5DPAgMBAAGjgcswgcgwEQYDVR0gBAowCDAGBgRVHSAAMAsGA1UdDwQEAwIBhjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAf
+BgNVHSMEGDAWgBRi+wohW39DbhHaCVRQa/XSlnHxnjBVBgNVHR8ETjBMMEqgSKBG
+hkRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNy
+b3NvZnRDb2RlVmVyaWZSb290LmNybDANBgkqhkiG9w0BAQUFAAOCAgEAX/jQZXRq
+gcamylsDtpFK6Eu97yuhQvDvtKWtzTOJ7AuVhaxiUBEIqljSWqCDEOWmM3ryWvLF
+/nh88JyD3xkK2XOWAC3WLM3pFNQdneg/PBp295BO+wE1CmyTE6DDVutnoOTRepbe
+wmfxkPgKe/UyG5TsX3UfjRs02mxYp8stJ54iJrfJqjDMB3e4NuOCAbU5PMyN2adf
+fyOzh3/bV5iRi9fOJSDjnWRP3Yf3K2hJAxjgpd98X2hkTTaDjUeB8ungqGmr+nsW
+PAWkSeqIMBkKbHMFUXjf1B3dOtR/LeROVL6DQx56dDO0pOvXcHO8KgKYiWbu9ryP
+dJN44ykCWlpD4ljOfM+aytI2iTviX9omBU7I1OcskQ4Xl8W+7osTESMjKU/6g9BQ
+9rr61T2zFz30/wNKoyXc5nVh0fo1CGvWJ0TQaLeNReDrhSzIoV1hRHQWDllYrtK1
+7qW81tcHarYpeP2XZ2fdjU8XlE/S7QyvlyQ3w6Kcgdpr4UO2V3tM7L95Exnnn+hE
+6UeBt15wHpH4PdF7J/ULcFZDSAXdqS+rhhAdCxLjGtBMbnXe1kWzC3SIh5NcVkpB
+Apr3rreZ2LZ/iPoR8kV89NcbkcAc8aD71AgKQRoUKs706zRIbmaHntVLejl/uw49
+OGHPc1cG5BIGa9lrUwjNcBjCLU+XRpG8qfA=
+-----END CERTIFICATE-----
diff --git a/src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer b/src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer
new file mode 100644
index 0000000000000000000000000000000000000000..6cdc7000cbc4eeef3c0854a36bfa15c24b4dc806
GIT binary patch
literal 1155
zcmXqLVyQQ1VoqPc%*4pV#LdD01dN8A$9x|e@Un4gwRyCC=VfH%W@Rw&F;p;+V`C0w
z;T9Hm&&f|p%n8m+&r=A>&o5DMc2v++2r@PlHV_1<;1cFSsDKGFBMTbHiSrs78dw+@
z85)2<6p(9)#5Kq><Tl_0nZ+i|<m757X&??USO8(LLSC6}aiXD%ffGoIS=bs$%C({-
zH7_MKMIkIPCo?6nBr`ux!8t!A73Ad1ymW|zgFPILOwE8UcQ-O<VpKx*Fe57ia}y&!
z15licsfm%1VfHrpdhyUTreUj=Z2s4E!D`C9%(pTtw*EI?5_$Sk!_)tIw<Y^hF1%hP
zDwn#pZD+}wlwI>!f8C!^$IZPpDf_Fy+|9y^e(kt={^2~8=P`^NkGHH@W#rkwRaX7<
zqTG*<Ps4RqOU%zVce|_Ud;iwMxsGm5dx9UWcU!@e|6y0)!WFB3%bxn|V4h~Wci(~^
z+@8T7-C5n<vzAYv{&m9t_5KDS(w@I>8!qSQwA#~qs=(%1NXqxfE#9}bOz&N>g6G_|
z(5fT1t~fEc+E3<B>9zf_Q>c6oN7u$x+k_ZTc-(vWgzKqV_c_j+kM6J5mJzeP_s-DC
z>&0A-FP*{fPZllzwYW`q<-;q-t}`(+GB7S~VzdK>h?M~!FvMl~85#exumIByn}HCB
zFAU;y7_b2;CPoGWS&$eXix`Ut*B%ueo$qs=&YxPdcK6i}5`mVjc?RwvX$2Ms13Lp7
zHWnb0!NA18h>b&=jggg=orzIQEu*BQpx8=Zzr4I$FCCoVih;4Gmz<xgUzA#qUz}Nz
zUsS1YU<NWso<-k4*FbxL<^uILRggxYzT~1DWPN$5CHh6c#Hw3ltOt}bu!Gsf$jD*@
zOoDnaz5!#K64Z$N<l+J&WJAD~0}UxMHV_8ctIEP-zy;ID%xoYJ5>#f9Fc51H>Hpwe
zze3MdWu0%pujE<X_a5Dq-h-URfSC%I#uyn^Efk#oe~a>q&&+Qw_q`8V7}IQ;{Ph1v
zr|r$A$0mObh@0K1_#z@$qQm6(UC)O~ulTz*DtTy1-qHK1oDtC|5~{1RQ!}F?cumpY
z(;vHn7u-4_kl$&coVR=C$KnaMKkjc>ysp<%bWd-`-$>bi!s|i~FPnarA=}o`V}dB_
zlO+<&SFW#oywYJ?j^dijbu!Olzp!lVzQuE6)$5&Rf%W26z2+Lnx9=#NAapDzXG@Fq
z$EEIfjx4s;iG9V<eB`mEz?0RAsa#HBH#TK_oBUMnQ8VLe?zT<mmwK5m*>or8dXr(V
q{e)*5wO9)}|0u}L*ZO|u?&PiEyssUYnJ%#Sx4ivO)WAMfNCW`;ccxGP

literal 0
HcmV?d00001

diff --git a/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt b/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt
new file mode 100644
index 00000000..398b1692
--- /dev/null
+++ b/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGKDCCBBCgAwIBAgIJAPNwP4lI5IZwMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
+VQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEOMAwGA1UE
+ChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlvbjEfMB0G
+A1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJARYQY29u
+dGFjdEBpZHJpeC5mcjAeFw0xNjAxMTYxMTUwMDBaFw0zNjAxMTExMTUwMDBaMIGj
+MQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEO
+MAwGA1UEChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlv
+bjEfMB0GA1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJ
+ARYQY29udGFjdEBpZHJpeC5mcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBANuY1v1iYcZ9LQbIqSA/gmhci27aUiD/hLGLyp4EvR31qVNdDbPX9BoL+Eky
+OK5UwmlpYeJ1ClQm4dRL/eYVga02xk1HBbFzMdEd4BTihymdmyjEmefFulfieXmp
+eHqv5+vQIs7lv5izjHKYoXjrlU0udVUodkYRxzU52rKOhoJeiv83WxilMvip1/5i
+hk5PFlqHV+fPwZ5sUzVWqtRiO8a/GQsqU76nbOcpDC2XFWkQZ3r8Y9KMwcCO6/2W
+l64XP1nuwSAvPDa/22uOddTYindrTRSE5/Sdt5/WmO0RUJJHcLREUhLholaLO9et
+isQL3jpvxzNWPGrP+Qnq3rjLRTCW2MlztsalQTnAZVdAWkWpIdse3rAea0rrH9sD
+CBuQP5ZHIGHJIEwJ7lDuX4MW/qsYNXgjgr2oEQMEfCAOhlWyij1rw/5w89MHeBYv
+iZvDv3+Ut3oENoWKqoCiAOw7pOX7ucDlaTTd9AT6oNHGVUhzfFWQG6+ep8JZbFYc
+CKc0jePYCCjmiiP0BkT9k8COBXfofylG1NHgtaevn4UzZecN5vd4DLR55iwLjZl/
+0YQ6QADH8mPkHGBjthLgE0Aw4nmolKNnjuYHJq0CsoalcGIizfz62aWKkEzVW7xo
+UWLkdnOc9mlWWLlzoxjrNZ4Nd0x+tCtE98lEsj8EgKmI9xpbAgMBAAGjXTBbMB0G
+A1UdDgQWBBS/pppkb7p9BT/BVTiGqiiP2681HDAfBgNVHSMEGDAWgBS/pppkb7p9
+BT/BVTiGqiiP2681HDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
+9w0BAQsFAAOCAgEAVslsFGfU9luvWD9+/vfgcqUvLGL8jZPxgHZWD+nzEDjFdETp
+H9N9LVH3hu7eg8ZwU4CnpUujoo+t73GxS4prbzzThZ98uFAxYEcVzKndPa662d8U
+D0Jl5+bCyMhOIl1OpDG5vV/YReWfpfmBMdZvX7ax8fqtqsoxi/zuqiWeMxMc6GHt
+TOupBVanW4Bw6PhVEnjZRQMMbv/0W11NBI6m6yVKGnJUcmMx1Pyc8xg34QgHmhOj
+EQ0WaNW5BgDwcPTA5lKnhWZ8JUk86vvNhqf0AY9Kqa9iMLRLBHTp8UV9daA4UMDp
+jjgukdYouNWb5rFbJtFdKYUYPTB0AWVDC+3ML97lZzyNS7H/DeBZS6V/5f+yartk
+t7berj9NXi+1jU+a3O45yrvSleahyBuKyCzL3E/fTdgyoLFEoh8xN62/wfwe7DnV
+onsekRnSDJnwKKZdkGN/xzsk3l0gcfLLq58Tk0wuLOZBtYF8H728VsQW+WPXGzpr
+l7V5j5mllxw/EB4rUQa1c9Nea0+E0nloor0vgLVdvnYc9fDvVUNVOUt9uw8kFTmA
+qXn194A/SKA2ZBJ8Y3kxQe+lFXvqRMz4HaCGeK7VBcvoRE0TTdkpiM+m7fFo7cOL
+YdhffQjie2l4ACygMeU7ggw1cM7gFa820MnV04SGHiMQ19F5p3rn0wDITT0=
+-----END CERTIFICATE-----
diff --git a/src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx b/src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..44dd3f6b7c863edfc8fce3ee91fe2dc30284f879
GIT binary patch
literal 3243
zcmY+GXE+;d+s6}Pma4toMy*(}g4iV`)GCdliW;?Q?-?<wR#j>3RRp!EJz6VfRZ+ED
zLV{XVd%b!b@B7}*^WhxV|9@TQ$MbhV&{P;AATb0@^^BAP9HSj`L=7YZ=A)?|gV0pw
z*D?}<CdK?~k>;aG)32peA|T+pB>w9FAsnQX|2u&SND8?LB1h17ve<ZgOArx}15jvE
z>oSjdUswvT`e&6#b8iQoq0jWxj&9GHhf7rkNR?NLE=d$FXHnAh&xZ&qxe9BdnhO|*
z>1QGv<~P1nq~dm)28@Ra(jxC3y8^8F=PEG2n(j1a7A22CRUfOg;%LX55?+yjy~S&C
z8u-?_WUuf)*hE$ly17{scM`yn=QPgbi+AJYF13mMPTyN%B4Qi5hEhHR<&NB(!GCFv
z6sxYs>v~bhQukaSL+3Eym~)xErMj5&iuR?qs;jyA4+q(wR9CoW;#;ttA>phRO_1~g
zlb>FEDGRhAot>nuQc+8}nsI^(F3-c7dc>3VP%iMWna|MQMr(!Jk4Vn87nttVou$bP
z6=R=$DcXA*SiEcEpqe?n`N=>m^1Dn%`mltVecOU={Tuzt%@^JYq&RSq9mhUSa^6w@
zaN2vW^!1^@)S=!Gzuua_Q`wi~9--oo#(PpW+Z)vGvqdj<M|wq+6zJse#p|Qg?W^4a
zeE4a25E`>VeqvHl@A6e*#cCwWl;(A};?{^XN<CQ5v_<XPMqut?Bayt-O0$0s8xKq!
zG!Q?B)oi2u_XYC@Mel*z9))VvX1Z}AotrHQx*db94)t5lXSP}Csj4>z!nWrQg!|Wh
zoC3z2);z`+XxCmOp5GwGW`BLs&8;n4@qE_WAmTep9iu7qoZ3@L1mQs`n{Zg>y1EKN
zZj&c<-&wd>yysIH*-eMM;YGU<zol#v&M!TSd@;3K^-qH*p=X<*X8C@!oN)4Lg@#hT
zr4_Z`Jc}w26!$k%tfz*50Ho2kYCVSMw{5w9;vGFG?+*;TB|_zRDjGc!?PdOAN+`iS
zC<1{JhAHMqBFJ7A32fQk!hk{pcUbCV)^rYuJn=3XT{NQ8yJ`X?X)_-$Pcwsk6Bt*o
zYT?5A<FC<!sR-}RWu5@Lt?w4;QkWjjrOPW-S|vyBLwwxEl8sRWXB_5<<O<26cWDey
z;&|`9t5MgF{U_9muiPt692*FI>sd&13T)EE%H6#X;Xr!We9PWVq{%MaA+}a#w|sHn
zWy8fMtU73Drh@m+I=lH^w{(HED6hEMd{CpKGc)~Ydqa~G?pq-Pf5Fyhu)1@VBIM@-
z95SmpS?;LgkFSRD@h$*Lk=+Ly#`OeRdF}`>v~}>>rbQ1c&cV)m%(L6DN&`i^dH3^5
z1lQe?yCn=@0i@cCGlHkBK6qls*>yx}-xc38#!wJ2+qcFyK~FJgEi_3a&}s)L0S%>V
zaclY<&xzHZ9XChob`QxG`t}59L4gb%(8&3>sd166f_wxrg_Kabj`?MVqY=xWdgQgc
zuCLOAxvw1Eqr*@ycNDV1sfTPRM=zY_rCZ!zeH!Et4nMOxDA`tWGpA?hq5%0bcl7Nc
zoRdYAxrWH9oh{0G(BE8aQX>a>SmuH^oh|kT4{ByVIIYqx$(g>H_SgD0)Xk&^HD6(A
zW3f(Eh$>p^i+xHr6Yd^Ht?@>s-_+;G3w&N>_L|$DV@E>no$eT|zzU<dhWw=gz1<D9
z&|m(7QKEh^KiIL^`@hd6Qbhag($rK^Dun91pOQO{KPf%T8tMxpahcE>+xB@GvfLIG
zqqr<-D#D&cv3+oatan_gc<<RHTcl61C-qjaOOYvjnm)zJyEz;^4<u->eY(q5+_A7R
z5{Hpd{h5go{XEX30FNBmf;?p7$3}G4J-*R(99k|zfU~~fK*^umr_|gMG%FQ1eTGg}
z=5rlLvQAJf%bB?NKq7Y(iOtfOw5}u1{3=`k)4+Yxcq19`JLXv&%+Lr#WgI@4Pr!L+
zh}Nr23Xmvdl*TV_(WfyX(#?(Rqeah&{qfoh8LgKa)Hn1qda26?z1#!l7w^Z?oe$_w
z94O`ceje)34r-p(<y7dA#5H;*P8sG(OxIY0L3;afm~!80*BFbmo_SK!0%s-~T~$v<
z`GYp=n1l^|VjG!UAt#3pitIlYcS?*CIJ*x7+8q2dRb)Ppcf2uI%iUmUXzeF<Tw1*k
zeLdB8ndYGONj8`;ubd#gv(#+BS;t=@c|r6*h!-c!gWWJeU4>sQf~Vqs{L|?|H`%1r
z)m9c_TRTmVq&LG+=|9yAWi#1Mgw~9++NT?4Ra=#fWN}2U@(3iT!PuEYIO8V=7YP2n
zop-?cZljM}-gkl4yM1(4?Wo_2@j=ie|ADG&ijky)&?KqXa`JT~kly$|JW&FP^3kAe
z2pY8UU(_Q0OD&H~U|O6E2jyRCfzY6V_hsIei4HRI3dfa=fW4K5gO@FiQ7EPK65q2S
z4%cdh_ARD$It?|vG_59Mo<lR7;V!D|*K5|bWN!D8zJWF>i|2*fCs!rLgq3)(f!W>{
z=2d9pO3-0r-6Ygv=U0xJ`<$ARyx--UaMr#H%GV=W&`~+_-my@!Fx6l4T*=^KCgumh
zS5m{IwjFw!&B5k%p24ajBoMQ7Z(RGn-euC&R!%S%Nh4{JL7z-TaJ6gvR|!q5=FO*-
zVEHhmGm6U9s63ri>D}M@We;y=5jw_{&#I(fROG7mR`e>rylwQPo;y3hm55JIb(^1M
zoe+$I#vG@gP$_IWahm{aS?{Mh>fWk|$^gseF&H%Vk`O&9Qz!0S&`ReO3S~n}VGVxh
z@aVaD4Q8^|axb4wQ|1oHi`~<k+cgF)f-2Z{$cTW3V#C7k$KOfKt<;N0Gmt!RV6Jld
z7QVbs9l|#Fru{5HsR2o$|H!>IvpZYn(|3(-Pqo^_UWq6)xs|V}9#rYAAsnnHs9!p9
zB3q7QX*RN(b~5G(vKtzbwmmYeufditWz-53f;KSJHw`m+whl8i;S#;VW5srkWVeaw
z#f$fMMe4ZN?7Cdb!YHQz_FS)!ekWZel@GwH9Jw*9Bj@ap^Mhn@UN6=C*#lDwgb>Gs
zf1cO}aDmK}V%d<Rma|!!`fZv&0%=i2SpJY=|NRc1da9a|Dnnkdj$e#%(5jmLMKk}=
z^NI<Y_n6*raodk$O*S2#3~{?O)Nyz*?{z#2_O?F{q{4_3*Q|_upv;U99dQcP<Y@YJ
z&u$K1w$Ptj*UwIDnyPkDT*%m~6wuP!X>JG9@pXB|$Y=<QiPlWADnqLWCS9=K>Ol;C
zI{@24M+W?ClV@p(@hU8VDFASkf5QNKSJYABDV*8j4*P^vbLl?uF+md`RpX%|#cb@Q
zAU0O;@KJe$M#Li`nhwuj<LCs~di13V=bs#ECdx*yp29y1NT6W4tJ58S3S8k4gy;4c
ztJ&pU&7dh4F(>E2jlet_*T$U5TQX=LxS{ojNCb^9(&foOUC|y5oJo7jbl9N*v~f0i
z(md&>7eE+!#n^<B%~LPJ``<Q>?7wUg+1uf!?-s6-xx>$ugamS+G9DE6848CcH<n(i
z7}@W`G)~7ZU^5$pFRzQa+^l9J?7Dy_v_3q7?cZ{mt>Mx%xl#9oCrV{&sQNH`<rYv_
zT6&sX=&&O9qEKh;aPTtT5>Gx9@jKYyiH>3xdNH-_7G$Gu$8`3G2$QAvKa;WX^z)7=
z<bzKo5~^vYe$+z4^?vRser~~;V^>+32nighsPnWny0YtC_KPTa8<_jE0Yz1^hPM}f
z`v=I_vgfm&?@B-e2*Sz!l)K<vOB{mw(eV7{Lk2r+A&l4C*HzOzEy+HcxiB7HzGczA
z`(?pQiOYCr!0?9nv*if}ZQ#e%AYljiz#s!AdRWD(y|={Oh)Y+lt7DyWU^}z2mh0<6
z9nnXoiJGJD%Eu`DAydEHXvD2(I{Pe#7v|iVa^IM`wT=typ*e32bGf!Rk6#ke){>pq
zEP*Rtap(IdGDtBgDYZ!f@MCtDn0L(E%>&w0LJcJbLraQ-KW#40M)DrR4S~Op!YCvo
z;vjtg|6iwIlw<-iNS<K!V+miut^UVOtY5TaZIq{UAh!QrVvs~~nE(&~O~C!@{1Ctm
zFag*Dya7JfoiRWgpbn4%$O53(Ck=o*!0y`nt2+Un0^F{%+jafx*aN(-UpN6AuEQ2!
zbKToRBq2Ny3Q`i0o5VzHBmfY@DNX#^@1A~3$&gC#?3Rdl^JD}LL=OGKx&D<MlJj>L
F{|_)1{d)ia

literal 0
HcmV?d00001

diff --git a/src/Signing/sign.bat b/src/Signing/sign.bat
index 8c1e3920..d1d6652f 100644
--- a/src/Signing/sign.bat
+++ b/src/Signing/sign.bat
@@ -1,12 +1,13 @@
 PATH=%PATH%;%WSDK81%\bin\x86
 
 rem sign using SHA-1
-signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /n IDRIX /i Thawte /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
 
 rem sign using SHA-256
-signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_Root_CA_MS_Cross_Cert.crt /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+
 
 cd "..\Release\Setup Files\"
 
@@ -19,8 +20,8 @@ del *.xml
 cd "..\..\Signing"
 
 rem sign using SHA-1
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
 rem sign using SHA-256
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
 
 pause
diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat
index c36f0536..9daf78e4 100644
--- a/src/Signing/sign_test.bat
+++ b/src/Signing/sign_test.bat
@@ -2,12 +2,16 @@ PATH=%PATH%;%WSDK81%\bin\x86
 
 set PFXNAME=TestCertificate\idrix_codeSign.pfx
 set PFXPASSWORD=idrix
+set PFXCA=TestCertificate\idrix_TestRootCA.crt
+set SHA256PFXNAME=TestCertificate\idrix_Sha256CodeSign.pfx
+set SHA256PFXPASSWORD=idrix
+set SHA256PFXCA=TestCertificate\idrix_SHA256TestRootCA.crt
 
 rem sign using SHA-1
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
 
 rem sign using SHA-256
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
 
 cd "..\Release\Setup Files\"
 
@@ -20,9 +24,9 @@ del *.xml
 cd "..\..\Signing"
 
 rem sign using SHA-1
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
 
 rem sign using SHA-256
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
 
 pause
\ No newline at end of file