InnoSetup - Code Signing Certificate

I just bought a code signing certificate from Comodo. I created a small MS Access database that I want to deploy with the Inno Setup installer. The script works fine, but I'm completely new to code signing.

How can I sign my installation file? Do I need external software for signing a certificate or can I do this from Inno Setup?

I tried to find answers to such questions, but no one could show me what I need to start, and how to do it.

+12
inno-setup code-signing-certificate
3 answers

To sign the executable (the installer created by Inno Setup), just create a batch file (.bat) and put this content in it:

"c:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" sign /f Installer_Wizard_Code_Signing_Certificate.pfx /p password123 /t http://timestamp.verisign.com/scripts/timstamp.dll MySetupFile.exe 

Where

"c:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" is the path to the Microsoft signature utility (part of the Microsoft SDK)

Installer_Wizard_Code_Signing_Certificate.pfx - your certificate

password123 - password for your certificate

MySetupFile.exe - your setup file that you want to sign

Put all the files in one directory (the certificate, the setup file to sign and the batch file) and run the batch file. Signtool signs the file with the certificate and validates it on the official server.

(You can use the http://timestamp.verisign.com/scripts/timstamp.dll server even though you have a Comodo certificate; it does not matter.)

+13

What you do is pretty simple, try everything

  1. Open Inno Setup and select Tools -> Configure Sign Tools
  2. Click "Add.." and give it a name; let me call it MsSign, since I am using signtool.exe from Microsoft. You should now have something like this
  3. You will then be asked about the command line of the tool that you use to sign; since I am using signtool.exe, I will use

signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a $p

Pay attention to $p at the end, Inno Setup needs this ... Now you should have it, and note that I added the path to signtool.exe to my path variables and that I use the DigiCert time server to timestamp my signature.

  4. Now in the script add the following code to the Setup section

    SignTool=MsSign $f

This line tells the compiler to use code signing; it will use the variable that I called MsSign and sign the output generated by the installation.

It should look like this

When you look at the generated exe file, you will see a digital signature

Now this works for me, because I prepared my signature store so that the command line can get the signature, and I have only one code signature, so I won't need to call it. Your parameters may differ from mine, and that's fine as long as, in the end, your installation works and your code is signed.

Hope that helps, and remember you need $p in the variable

+13
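A post-build check for the signing steps in the answers above, as an added example that is not part of the original answers: it uses PowerShell's Get-AuthenticodeSignature to confirm that the installer carries a valid, timestamped signature from the expected signer. The function name Test-InstallerSignature and its parameters are hypothetical; MySetupFile.exe is the file name used in the first answer.

```powershell
# Added example: verify the Authenticode signature on a signed installer.
# Test-InstallerSignature and its parameter names are hypothetical.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Optional: text expected in the signer certificate subject (e.g. a company name).
        [string] $ExpectedSubject
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $problems = @()

    # Anything other than 'Valid' (NotSigned, HashMismatch, NotTrusted, ...) is a failure.
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    if ($sig.SignerCertificate) {
        # Without a timestamp the signature stops validating once the certificate expires.
        if (-not $sig.TimeStamperCertificate) {
            $problems += 'Signature has no timestamp'
        }
        $subject = $sig.SignerCertificate.Subject
        if ($ExpectedSubject -and
            $subject.IndexOf($ExpectedSubject, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
            $problems += "Unexpected signer: $subject"
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Status   = $sig.Status
        Signer   = $sig.SignerCertificate.Subject
        Problems = $problems
        Ok       = ($problems.Count -eq 0)
    }
}

# Run after the Inno Setup compile; a non-zero exit code fails the build step.
$result = Test-InstallerSignature -Path '.\MySetupFile.exe'
$result | Format-List
if (-not $result.Ok) { exit 1 }
```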

After you download and install signtool.exe from Microsoft, specify the full path to signtool.exe in the signature tool command if it is not added to the path variables in step 3 of the previous answer: D:\GUI\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a $p

0