| [ Overview | First | Previous | Next | Last ] |
Digital Signatures
MSIStudio provides provides support for the signing of files with code certificates. Digitally signing the installation deters malicious tampering with the installation after it has been released and is highly desirable when publishing installation packages on the Internet. Windows has built-in checking for digital signatures on downloaded files and not having a valid signature will often cause a lot of warnings to be presented to the user.
In addition, any tampering with a file after a digital signature has been applied will generate additional warnings and will not be allowed to run.
It is recommended to digitally sign program executables for the same reason to avoid tampering and this can be done with the same code sigining certificate used to sign the installation. This would be part of the development process and done before creating the installation package.
The parts of an installation package that can be digitally signed include:
- Setup.exe executables. The bootstrapper that can be used to launch the installation.
- MSI File. The main windows installer package can be digitally signed.
- CAB Files. The CAB files which contain the compressed raw data for the files for the installation can be signed.
Certificate come in a number of file formats. The one favored by Microsoft and the one that can be processed natively by MSIStudio is the PFX file format. This file contains both a certificate and a key and is usually password protected. Other certificate formats must first be converted to PFX in order to be used by MSIStudio.
SPC and PVK
Certificates often come as a SPC certificate file along with a PVK private key file. To use with MSIStudio
these must be converted to a PFX file. Follow the steps below to achieve this:
- Go to M$ and
| [ Overview | First | Previous | Next | Last ] |