Ask a Question

Advanced Search

Solution ID : SO26221

Last Modified : 05/02/2018

Error "Windows cannot verify the digital signature for this file." due to SHA-256 signature not supported on Windows 7


Signed files with SHA-2 (SHA-256) signature hashing algorithm on Windows 7 failed to run and produces an error warning.


Error Message

"Error: "Windows cannot verify the digital signature for this file."

A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source


Only Windows 8 supports signatures signed with the SHA-256 hashing algorithm out of the box. By default, Windows 7 only works with SHA-1 signed hashing algorithm.


Windows 7 users looking for a workaround have two options;

  1. Apply the latest hotfix from Microsoft on your machine, this hotfix adds functionality for the SHA-2 hashing algorithm to all supported editions of Windows 7 and Windows Server 2008, please refer to the link -​
  2. Reissue the certificate as SHA-1 ​
    • For a Retail Code Signing Certificate for Microsoft Authenticode: Replace the certificate with the steps in this instruction:  SO1737.
      Note: Select SHA-1 under Hashing Algorithm.​
    • For ​Extended Validation (EV) Code Signing certificate – please note that Symantec no longer offers SHA-1 certificates.

For more information on Dual signing, please view the Microsoft article - Signing a Driver for Public Release under the section "Signing a driver package with two signatures".