Tripredacus Posted March 2, 2022 Posted March 2, 2022 I am having some difficulty working with a driver because the countersignature cannot be read, and that uses SHA384. I read one various sites, such as this: https://social.technet.microsoft.com/Forums/en-US/44f02720-ec1d-4ddd-a985-b1d1f23488ea/needed-2-ciphers-in-windows-7 That Windows 7 does not support SHA384 officially, but I was wondering if there is any known way of being able to read these types of certificates.
Dixel Posted March 3, 2022 Posted March 3, 2022 (edited) It does , it's included in the updates, at least someone got it to work. Sorry , don't use win 7 myself to confirm. "After installing today's patches. I found that the cipher suites, signature algorithms and elliptic curves on Windows 7 were updated. Document is here: Microsoft Security Bulletin MS14-066 - Critical https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-066 User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko signature algorithms: SHA512/RSA, SHA512/ECDSA, SHA256/RSA, SHA384/RSA, SHA1/RSA, SHA256/ECDSA, SHA384/ECDSA, SHA1/ECDSA, SHA1/DSA" https://success.qualys.com/discussions/s/question/0D52L00004TnujbSAB/microsoft-updated-the-cipher-suites-on-windows-7 Edited March 3, 2022 by Dixel sec. link 2
mshultz Posted March 3, 2022 Posted March 3, 2022 This article explains what patches need to be installed for SHA-2 support: https://support.microsoft.com/en-us/topic/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus-64d1c82d-31ee-c273-3930-69a4cde8e64f 1
Tripredacus Posted March 3, 2022 Author Posted March 3, 2022 A little from both, I have now resolved this issue. It is weird because I'm certain I had previously installed some SHA2 support on that system already. I can read the certs now on the driver but still having an issue using them, it must be unrelated.
Dixel Posted March 4, 2022 Posted March 4, 2022 12 hours ago, Tripredacus said: I have now resolved this issue. It is weird because I'm certain I had previously installed some SHA2... Could it be because they have different SHA-2 updates versions ? And ,as far as I know, they were later included inside of the big all-in-one rollup packs. 2
mshultz Posted March 4, 2022 Posted March 4, 2022 The August 2018 Windows 7 x64 ISO I got from Microsoft included the SHA-2 update. That saved me the trouble of having to install it prior to installing the Nvidia video driver.
TSNH Posted March 4, 2022 Posted March 4, 2022 There were at least 3 Windows 7 updates that claimed to add/update SHA-2 support in Windows 7: KB2949927 from 2014 - https://support.microsoft.com/kb/2949927 KB3033929 from 2015 - http://support.microsoft.com/kb/3033929 KB4474419 from 2019 - https://support.microsoft.com/help/4474419 And some more info here: https://aka.ms/sha1deprecation Interestingly this Microsoft article mentions the 2019 update as the first one
Tripredacus Posted March 4, 2022 Author Posted March 4, 2022 I had used KB2868725, KB4474419 v3 and KB4490628 The system is completely isolated on the network so it can't do things like update the root certificate list. Which I did download but there is no instruction on how to use it. I had gotten the link from Event Viewer as a log was made every time I looked at the cert on the file in question. These updates made that event log go away also.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now