InnoSetup - Code Signing Certificate

Question

I have just purchased a code signing certificate from Comodo. I have built a small MS Access database that I want to deploy with Inno Setup Installer. The script runs fine but I am completely new to code signing.

How can I go about signing my installation file? Do I need an external software to sign the certificate or can I do it from within Inno Setup?

I have tried to search for answers to similar questions but none was able to show me what I need to get started, and how to go about it.

Answer 1

What you do is quite simple, try and follow allong

1. Open Inno Setup and select Tools-> Configure Sign Tools
2. Click "Add.." and give it a name, let's call it MsSign as I am using signtool.exe from Microsoft, you should now have something like this
3. You are then asked for the command line of the tool that you use for signing, as I am using signtool.exe I will use

signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a $p

Note the $p at the end, Inno Setup needs this... You should now have this, and note that I have added the path to signtool.exe in my path variables and that I am using DigiCert's time server to time-stamp my signature.

4. In the script, you now add the following code to the setup segment

   SignTool=MsSign $f

this line, tells the compiler to use code signing, it will use the variable I've called MsSign, and will sign the output generated by the setup.

it should look like this

When you look at the generated EXE you will see the digital signature

Now this works for me because I have prepared my signature store in such a way that the command line can get the signature and I have only one code sign signature so I will not need to name it, your parameters may be different than mine are, and that's okay as long as in the end, your setup works and your code gets signed.

Hope to have helped and remember you need that $p in the variable