From b79113c1c5ef83a5be089b6b164202852c0bb79a Mon Sep 17 00:00:00 2001
From: JKarasti <juho.karasti@gmail.com>
Date: Thu, 26 Sep 2024 16:15:03 +0300
Subject: [PATCH] Change: Switch to using SHA256 signature algorithm to sign
 the Dangerzone executables and installer.

---
 install/windows/build-app.bat | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/install/windows/build-app.bat b/install/windows/build-app.bat
index ffdc60d..320a40f 100644
--- a/install/windows/build-app.bat
+++ b/install/windows/build-app.bat
@@ -2,12 +2,14 @@ REM delete old dist and build files
 rmdir /s /q dist
 rmdir /s /q build
 
-REM build the exe
+REM build the gui and cli exe
 python .\setup-windows.py build
 
 REM code sign dangerzone.exe
-signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha1 /t http://time.certum.pl/ build\exe.win-amd64-3.12\dangerzone.exe
-signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha1 /t http://time.certum.pl/ build\exe.win-amd64-3.12\dangerzone-cli.exe
+signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha256 /t http://time.certum.pl/ build\exe.win-amd64-3.12\dangerzone.exe
+
+REM code sign dangerzone-cli.exe
+signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha256 /t http://time.certum.pl/ build\exe.win-amd64-3.12\dangerzone-cli.exe
 
 REM build the wix file
 python install\windows\build-wxs.py > build\Dangerzone.wxs
@@ -17,9 +19,9 @@ cd build
 candle.exe Dangerzone.wxs
 light.exe -ext WixUIExtension Dangerzone.wixobj
 
-REM code sign dangerzone.msi
+REM code sign Dangerzone.msi
 insignia.exe -im Dangerzone.msi
-signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha1 /t http://time.certum.pl/ Dangerzone.msi
+signtool.exe sign /v /d "Dangerzone" /a /n "Freedom of the Press Foundation" /fd sha256 /t http://time.certum.pl/ Dangerzone.msi
 
 REM moving Dangerzone.msi to dist
 cd ..