MD5 is considered insecure and switching the default to SHA1 should be better for everyone.
See the discussion on the mailing list: http://lists.ximian.com/pipermail/mono-devel-list/2015-December/043424.html
sign the PE executable. This private key must match the public key inside the
publisher X.509 certificate.
.TP
-.I "-a md5 | sha1"
+.I "-a sha1 | md5"
The hash algorithm used in the digital signature of the PE executable. The
-default algorithm is MD5.
+default algorithm is SHA1.
.TP
.I "-$ individual | commercial"
Add information about the publisher, i.e. if the signature is generated by an
public string Hash {
get {
if (hash == null)
- hash = "MD5";
+ hash = "SHA1";
return hash;
}
set {
Console.WriteLine ("Usage: signcode [options] filename{0}", Environment.NewLine);
Console.WriteLine ("\t-spc spc\tSoftware Publisher Certificate file");
Console.WriteLine ("\t-v pvk\t\tPrivate Key file");
- Console.WriteLine ("\t-a md5 | sha1\tHash Algorithm (default: MD5)");
+ Console.WriteLine ("\t-a sha1 | md5\tHash Algorithm (default: SHA1)");
Console.WriteLine ("\t-$ indivisual | commercial\tSignature type");
Console.WriteLine ("\t-n description\tDescription for the signed file");
Console.WriteLine ("\t-i url\tURL for the signed file");