0003373: The installers are not signed for the OPC Clasic Core components, and the PE files insatlled are not signed either.

ID	Project	Category	View Status	Date Submitted	Last Update

0003373	Core Components	Security Issue	public	2016-03-15 16:35	2016-03-15 16:35

Reporter	Doug Stewart	Assigned To
Priority	normal	Severity	major	Reproducibility	always
Status	new	Resolution	open
Platform	PC	OS	Windows	OS Version	8.1

Summary	0003373: The installers are not signed for the OPC Clasic Core components, and the PE files insatlled are not signed either.
Description	SHA1 signatures are being depricated by Microsoft. http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx The latest x86 OPC Clasisic core components are not signed at all. The distributed binaries at one time were signed with SHA1 signatures. OpcEnum.exe 1.1.106.0 is not signed. Previous versions were signed. The installer is not for opc-core-components-redistributable-x86-release-106-20150630. The installers and installed PE files should be signed with SHA256 signatures, countersigned with RFC3161 timestamp servers with SHA256 signed certificates.
Tags	No tags attached.

Date Modified	Username	Field	Change
2016-03-15 16:35	Doug Stewart	New Issue