We need to sign Windows software with the sha2 algorithm, but installing signtool seems to be a problem, since I am having difficulty installing the software on my machines.
Moreover, I would like to sign the exes on Linux.
We used to perform the task with signcode but it only supports sha1 and md5. Since 01.01.2016, sha1 and md5 are not accepted anymore.
Therefore I would like to know what are the alternatives to perform the task.
Update: I did get a signtool extracted from another computer and it did sign the files also with a timestamp:
signtool.exe sign /fd SHA256 /a /f file.pfx /p my password /t http://timestamp.verisign.com/scripts/timstamp.dll filetosign.exe
and it did appear as signed with SHA256 and it has a timestamp, but Internet Explorer is still causing problems.
IMHO there is still a need for this question, to know whether there is an alternative, and whether this alternative would work under Linux, because an alternative tool which would do the work would mean that the solution is not working because of signtool, as opposed to a certificate problem or an IE problem.
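A signtool-independent way to check which digest algorithms a signed file actually carries, runnable on Linux (an added example, not part of the original question or its answers). It reads the PE certificate table and scans the embedded PKCS#7 data for digest OIDs, so it also reports algorithms used by a timestamp countersignature stored in the same blob; the function names are this example's own and `sample_pe` builds a constructed header skeleton, not a loadable executable.

```python
import struct
import sys

# DER encodings of the digest-algorithm OIDs to look for.
DIGEST_OIDS = {
    bytes.fromhex("06082a864886f70d0205"): "md5",
    bytes.fromhex("06052b0e03021a"): "sha1",
    bytes.fromhex("0609608648016503040201"): "sha256",
}

def authenticode_blobs(pe: bytes) -> list:
    """Return the PKCS#7 blobs stored in the PE certificate table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24  # skip 4-byte signature and 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+
    # Directory 4 is the certificate table; it holds a file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    blobs, end = [], off + size
    while off and off + 8 <= end:
        length, _revision, cert_type = struct.unpack_from("<IHH", pe, off)
        if length < 8:
            break  # malformed entry: stop rather than loop forever
        if cert_type == 0x0002:  # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            blobs.append(pe[off + 8:off + length])
        off += (length + 7) & ~7  # entries are 8-byte aligned
    return blobs

def digest_algorithms(pe: bytes) -> set:
    """Names of the digest OIDs found anywhere in the signature blobs."""
    return {name for blob in authenticode_blobs(pe)
            for oid, name in DIGEST_OIDS.items() if oid in blob}

def sample_pe(blob: bytes) -> bytes:
    """Constructed input: header skeleton plus one certificate entry."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x10B)
    entry = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
    struct.pack_into("<II", hdr, 0x80 + 24 + 96 + 32, len(hdr), len(entry))
    return bytes(hdr) + entry

if __name__ == "__main__":  # usage: python3 thisfile.py signed.exe
    print(sorted(digest_algorithms(open(sys.argv[1], "rb").read())))
```

An empty result means no digest OID from the table was found; a result that includes `sha1` alongside `sha256` means some part of the signature data still references SHA-1. The OID scan is a heuristic and does not validate the signature or the certificate chain.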
Another alternative is ebourg/jsign, which is written in Java. It can be called directly from Java or provided as an ant task. Since it's written in Java, this tool can be used on any platform which runs Java, including (but not limited to) Linux, Solaris and macOS.
Quoting the README.md