-
Notifications
You must be signed in to change notification settings - Fork 23
Visual Studio Signing Requirements
Visual Studio has requirements of the signature on VSIX package.
Starting in Visual Studio 2015, the VSIX package must be signed with a SHA256 file digest. This is the default option in OVST, and can be configured with the --file-digest option. See [Usage][Usage] for more information about specifying the digest algorithm.
Visual Studio 2013 and below do not support SHA256 file digests. This means signing a VSIX that is compatible with Visual Studio 2013 and Visual Studio 2015 is impossible, as the VSIX signature validator is not able to handle dual signatures.
This is specified by the vsixmanifest file. If the extension is explicitly compatible with Visual Studio 2013 and Visual Studio 2015, then the signatures will not be valid, even for those versions of Visual Studio where the signature could be validated.
-
In order for a signed VSIX to support Visual Studio 2015 and later, the VSIX must not list Visual Studio 2013 as compatible, and it must be signed with a SHA256 file digest.
-
In order for a signed VSIX to support Visual Studio 2013 and below, the VSIX must not list Visual Studio 2015 as compatible, and it must be signed with a SHA1 file digest.