How do you append SHA1 signature after the SHA256 signature?


I have a .cat file that is signed by MS and I would like to append the SHA1 signature to it. However, signtool fails using /as to append the SHA1 signature. Error 0x80070057. I often sign using SHA1 first and use /as on the SHA256 signature and that works fine. It doesn't seem to like the /as with SHA1. Is there a way to get signtool to do it, does an updated version do it (using version from 8.1), or is there another tool that will do it?


asked on Stack Overflow Mar 1, 2019 by user3161924

1 Answer


The answer is you can't as of this time. SHA1 has to be first.

But it doesn't matter because attestation signing only flags the .CAT valid for Windows 10. Prior windows will complain so you need to create your own separate .CAT file using inf2cat indicating which OSes to support.

answered on Stack Overflow Mar 7, 2019 by user3161924

User contributions licensed under CC BY-SA 3.0