Signotaur - v1.2.0.107 Released

Sparky · April 23, 2026, 12:20pm

Hi All,

A new version of Signotaur has been released and is available from Signotaur Downloads. The latest stable version of Signotaur is 1.2.0.107.

Remote Desktop Protocol (.rdp) file signing is now supported, including timestamping and verification.

The server now returns the certificate chain with each signing certificate, removing the client’s dependency on AIA fetching in firewalled or air-gapped environments.
CMS, NuGet, VSIX and RDP files are now signed in parallel within a batch for faster throughput.
The --separate-timestamp option is now respected when signing CMS, NuGet, VSIX and RDP files, not just Authenticode files.

New DSA certificate registrations are now rejected. DSA was withdrawn by NIST FIPS 186-5 and is no longer validated by code-signing runtimes. Existing registered DSA certificates continue to work.
A warning is now shown when an ECDSA certificate is used with --add-sha1-signature, as Authenticode dual-signing with ECDSA primary signatures is not supported by the Microsoft Trusted Root Program.
Warnings are now shown when CLI options are passed but have no effect on the specified file types.

system · April 23, 2026, 12:25pm

This topic was automatically closed after 5 minutes. New replies are no longer allowed.