I have a small number of applications being used on systems with Windows 7 and Windows XP. These are usually isolated (controllers of CNC machines), so signing is not a high-priority requirement. Nevertheless, I used to (double) sign these files, too, mostly for consistency.
While moving the signing process of all my build configurations to Signotaur, I realized that signing with SHA1 (and thus double signing) is no longer possible.
Rest assured, that won’t make me stop the switch, but I would just like to ask if there is a (hidden) possibility for signing with SHA1.
As you’ve noted, SHA-1 signing isn’t currently supported in Signotaur, and there’s no hidden switch for it.
However, following your request, we’ve started working on adding a dual-signing option (including SHA-1) today, and we’ll have a new version available on Monday.
Version 1.1.0.55 adds a --sha1|--add-sha1-signature command line option to allow dual-signing with an additional SHA-1 signature for legacy Windows versions.