Summary
As described in Microsoft to use SHA-2 exclusively starting May 9, 2021, beginning May 9, 2021 at 4:00 PM Pacific Time, all major Microsoft processes and services—including TLS certificates, code signing and file hashing—will use the SHA-2 algorithm exclusively.
How to verify your software is SHA-2 signed
Follow these steps to verify your applications are SHA-2 signed:
-
Find the executable (EXE) file in File Explorer for the applications that you want to examine.
-
Right-click the EXE file and select Properties.
-
Select the Digital Signatures tab in the Properties dialog box.
-
If your application is SHA-2 signed, you will see SHA256 in the Digest algorithm column in the Signature list section.
If your application is not SHA-2 signed, you might encounter issues or have to disable security warnings or security features to let the application run. We do not recommend this. Verify that you are using the latest version of your applications and if issues persist, contact the manufacturer.
How to tell if you are impacted by SHA-1 expiration
You may encounter warnings or errors when you try to install or use applications or drivers that are only SHA-1 signed.
Note We are currently not aware of any popular applications encountering the following issues. However, you might receive any of the following error messages.
Error message |
Error occurs |
---|---|
Windows can’t verify the publisher of this driver software |
When you are attempting to install a driver, you might be prompted with this warning from Windows Defender. You should have the following options:
|
This app has been blocked for your protection Administrator has blocked you from running this app |
When you are attempting to run an application and it gets blocked by Smart Screen because the signature is no longer valid and now lists Publisher: Unknown. The application will not open. |
This publisher has been blocked from running software on your machine |
When attempting to open an application. |
Generic trust failure |
When attempting to install an application. |
Invalid digital signature |
When attempting to extract or install an application. |