LogoDark mode logo
LogoDark mode logo
Contact SupportLoading Light/Dark Toggle

  • Licensing Overview
  • System Requirements, Server Spec and Sizing
    • Best Practices for Security
    • Signing and security for product files
    • Signing and security for sensitive tiles
    • CVE-2020-9388 - API Endpoints are not protected against CSRF
    • CVE-2020-9389 - Username enumeration possible via a timing attack
    • CVE-2020-9390 - Stored cross-site scripting (Web Content and Visio tile)
    • CVE-2021-40091 - SSRF issue
    • CVE-2021-40092 - Stored cross-site scripting (Image tile)
    • CVE-2021-40093 - Stored cross-site scripting (Action Buttons)
    • CVE-2021-40094 - DOM-based stored cross-site scripting
    • CVE-2021-40095 - Reading arbitrary files
    • CVE-2021-40096 - Stored cross-site scripting (provider configuration)
    • Information regarding CVE-2021-44228 - Apache Log4j 2
    • CVE-2022-46784 - Client side open redirection
    • CVE-2022-46785 - Prototype pollution leading to XSS
    • CVE-2022-46786 - Stored Cross-Site Scripting
    • CVE-2024-45180 - Stored cross-site scripting (Knowledge Editor tile)
  • EAM-X
  • Training
  • Support for older versions of SquaredUp DS
  • Understanding the figures on Performance graphs
  • SquaredUp DS and the SDK user limit
  • Useful PowerShell Commands
  • Square Up (the credit card company) payments and problems
referencesecurity advisorysigning and security for product files

Signing and security for product files

Which files are signed?

SquaredUp uses a DigiCert Extended Validation (EV) Code Signing Certificate to sign all product binaries including our installer.

Which hashing algorithm is used?

We use the SHA-256 cryptographic hash function to create a digest of each binary before encrypting the digest using SquaredUp's private key. A signature block is then created that contains the encrypted digest, timestamp, and Code Signing Certificate that includes SquaredUp's public key that can be used to verify SquaredUp's signature. This signature block is included in the binary metadata.

The FIPS 140-2 HSM used for SquaredUp's private key and certificate is Azure Key Vault (more information from Microsoft). Azure Key Vault uses nCipher HSMs, which are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.

Note: You can view the signature block under Properties if you right-click on the SquaredUp DS installer or one of the SquaredUp DS binaries.

Was this article helpful?


Have more questions or facing an issue?
Submit a ticket

Footer

Sites

  • SQUAREDUP
  • SQUAREDUP DS
  • DOWNLOAD
  • COMMUNITY ANSWERS

Quick Links

  • SUBMIT A REQUEST
  • EVENTS
  • CAREERS

Small Print

  • PRIVACY POLICY
  • TERMS AND CONDITIONS
Youtubex (Twitter)LinkedIn

© SquaredUp 2025