tag:blogger.com,1999:blog-24989625.post4391117561523536196..comments2024-03-13T13:07:08.623-05:00Comments on Doug Hennig: Executable Signing Using SHA-256 CertificatesDoug Hennighttp://www.blogger.com/profile/00208525487680844022noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-24989625.post-26156854043972602782022-05-31T16:48:58.603-05:002022-05-31T16:48:58.603-05:00I resolved the problem described in my last commen...I resolved the problem described in my last comment (actually the two problems). 1) I did not realize that the signing setup for Inno Script Studio was not duplicated in Inno Setup Compiler and 2) the "$p" parameter is still required in the command line syntax (which I believe I included at first, then eliminated in a desperate try-anything-to-see-if-it-works mode.Anonymoushttps://www.blogger.com/profile/04436588590669568053noreply@blogger.comtag:blogger.com,1999:blog-24989625.post-69665812988292992642022-05-31T15:50:15.013-05:002022-05-31T15:50:15.013-05:00Up till this point (pre-signing certificate) I use...Up till this point (pre-signing certificate) I used a PRG called "Maker.prg" to build a batch file that called "c:\Program Files (x86)\Inno Script Studio\isstudio" -COMPILE, which worked fine. <br /><br />I was able to get InnoScript Studio to successfully sign the installer, so I moved to adapting the Maker procedure, which handles everything (including multiple exe functional scopes) to include command line <br /><br />However, in trying to add code signing, I followed your example using this code, except I used /a (as I did above) instead of specifying the certificate and password (this works if I sign the program executable as well as when I compile the installer from the InnoScript environment):<br /><br />FPUTS(lnBatchHandle, '"c:\Program Files (x86)\Inno Setup 6\iscc" ' + ;<br />'"/sSignTool=c:\ffezinst\distrib\signtool.exe sign /v /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a $p" ' + ;<br />'"c:\ffezinst\distrib\Inno Setup Projects\FF&EZ\' + lcISSFile + '"')<br /><br /><br />...but the resulting installers were not signed (but also no error popped). Have I bungled the syntax here or is the certificate store not accessed by iscc.exe? Anonymoushttps://www.blogger.com/profile/04436588590669568053noreply@blogger.comtag:blogger.com,1999:blog-24989625.post-53654964531164895672020-05-11T10:57:55.394-05:002020-05-11T10:57:55.394-05:00Doug,
Indeed my bad: copied and pasted the wrong p...Doug,<br />Indeed my bad: copied and pasted the wrong path to signtool.exe into my routine. Now it seems to work.<br />Thanks.<br />KoenKoenhttps://www.blogger.com/profile/17954141020285818674noreply@blogger.comtag:blogger.com,1999:blog-24989625.post-74605664713033750822020-05-11T10:37:53.036-05:002020-05-11T10:37:53.036-05:001. The command for the Configure Sign Tool should ...1. The command for the Configure Sign Tool should not include "Standard=" either.<br /><br />2. Do you have a C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin folder and does it contain signtool.exe?<br /><br />3. The /f parameter has to have the full path for the certificate file, including the file name, such as D:\InnoSetup\mycert.pfx.<br /><br />DougDoug Hennighttps://www.blogger.com/profile/00208525487680844022noreply@blogger.comtag:blogger.com,1999:blog-24989625.post-63318693393494337862020-05-11T10:29:44.842-05:002020-05-11T10:29:44.842-05:00Hi,
An other dummy question:
Compile error: Error...Hi,<br />An other dummy question: <br />Compile error: Error 2 - The system cannot locate the given file<br /><br />Hmm, which file do you think the system is looking for/<br /><br />I have followed your instructions and have passed<br />"/sStandard=C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe sign /fd SHA256 /tr http://timestamp.comodoca.com /td SHA256 /f D:\InnoSetUp /p password"<br />(where password to be excanged with the actual password) <br />as parameter.<br />The command for the Configure Sign Tool was identical, without the quotes and without the first letter s.<br />The two sections as advised where added to ISS.<br />The certificate is in the given path "D:\TnnoSetUp"<br />Regards,<br />Koen<br />Koenhttps://www.blogger.com/profile/17954141020285818674noreply@blogger.comtag:blogger.com,1999:blog-24989625.post-15816781766887411502018-01-31T22:36:43.020-06:002018-01-31T22:36:43.020-06:00Thanks, Doug. This was a big help. I finally got t...Thanks, Doug. This was a big help. I finally got the inno setup to sign thanks to your explanation. I ran into one problem though. I didn't understand what <i>Description</i> was supposed to be and just put a few words like <i>My Software</i>. Based on the error message, that was supposed to be a file name. I simply removed it, and the signing went as expected. Perhaps you could provide a description of <i>description</i> for dummies like me. Thanks again. I was pulling my hair out, and there isn't much of that left.Anonymoushttps://www.blogger.com/profile/07394814887802218450noreply@blogger.com