View Full Version : code signing
Unregistered
10-03-2013, 12:25 PM
Read through the beach bunny tutorial...got to the point where you open the digital signature tab in SetupBuilder options.....no such tab in v. 8.
The help screen refers to an spc file - don't have one. All I have is a pvk file and that was one I changed the name on from the firefox backup.
linder
10-04-2013, 01:44 AM
Hello,
The Digital Signature tab definitely exists in SetupBuilder 8 ;) See attached screenshot.
The .spc is the credentials file and you received it after the CA validated your identity and sent the "Your Code Signing Certificate is ready! Thank you for placing your order. The necessary background checks have been successfully completed and we are pleased to announce that your Code Signing Certificate has been issued. To collect your Code Signing Certificate, please click here." email.
If you have received the certificate in form of a .pvk/.spc then you need both the private key (.pvk) and the credentials file (.spc) to make use of Windows Authenticode. And of course, you can use a .pfx in SetupBuilder.
Does this help?
Friedrich
notlogan
10-04-2013, 05:15 AM
I must have a buggy version. My Options tabs go: File Locations| Languages|Dialog Templates. I'd post a screen shot but I don't think it is allowed.
linder
10-04-2013, 05:23 AM
No, you definitely have not a buggy SetupBuilder version :) BTW, screenshots are allowed!
You have to handle the code-signing stuff in your project! Not in the global IDE Options... ;)
Please see my previous screenshot: "General Information" -> "Digital Signature".
And NOT "Tools" | "Options..."
Does this help?
Friedrich
notlogan
10-04-2013, 05:27 AM
D'OH....I tried to post again but I lost my connection. Sorry. I found the right window.....I didn't know the OPTIONS window was different from the GENERAL INFORMATION window. Sorry about that.
linder
10-04-2013, 05:33 AM
Perfect. Thanks for the update!
Friedrich
notlogan
10-07-2013, 08:00 AM
I used firefox to download....I guess that was a mistake. I followed the instructions on copying it but I ended up with a .pfx file and no .spc file. What do I do know.
linder
10-07-2013, 10:34 AM
The .PFX is all that you need! SetupBuilder can use both .PVK/.SPC and .PFX.
1. You need SIGNTOOL.EXE from Microsoft.
2. Open the IDE and select "Tools" -> "Options..." -> File Locations tab. In the "Signcode.exe or SignTool.exe Location" field, please specify the fully qualified path to SIGNTOOL.EXE file.
Now open your project and go to "General Information" -> "Digital Signature" -> and select your certificate file (.pfx) in the "PFX File (optional)" field. Enter all required information (including timestamp).
Compile and you are done :)
Friedrich
notlogan
10-07-2013, 11:28 AM
Got it...thanks.....it worked fine once I got all the pieces in place.
I assume every time I compile an updated version of my setup, my app will be "code-signed" during compilation
linder
10-08-2013, 02:06 AM
With "my app", do you mean the "setup.exe" or your application file(s)?
General Information -> Digital Signature -> Add a Digital Signature -> YES will always code-sign your install. The #code-sign application directive lets you add an Authenticode® digital signature to your own application file(s). For example, your own .exe, .dll, .ocx, etc.
Friedrich
notlogan
10-08-2013, 09:03 AM
I meant the setup.exe. Is there any reason I'd want to also the digital signature to my application.exe file?
linder
10-08-2013, 09:20 AM
Microsoft recommends that commercial software publishers code sign all their PE files. And if you would like to see your own application files flagged as 'suspicious' by anti-virus and anti-spyware systems on a regular basis, then don't code-sign ;-)
You should always code-sign your own PE application files (all your .exe, .dll, .ocx, ...). You should not code-sign 3rd-party files because code-signing means that you take over responsibility (and sometimes it is not even allowed to code-sign because the signature modifies the binary contants of a file). If you have "unsigned" 3rd-party components, you should ask the vendor to code-sign the files.
Friedrich
notlogan
10-09-2013, 05:50 AM
In the script it looks like I'm signing my application .exe but I don't see where setup.exe is being code signed.
#code-sign application "C:\Installation Programs\Release\DataBinder.exe"
I went to General Information and added digital signature to installer executable.
linder
10-09-2013, 06:04 AM
Yes, that is correct. When you have General Information -> Digital Signature -> Add a Digital Signature -> set to YES then the compiler will automatically code-sign your generated setup.exe. Compiler report should look similar to the attached screenshot.
Friedrich
notlogan
10-09-2013, 06:16 AM
Got it....thanks!
linder
10-09-2013, 06:30 AM
You are welcome :)
Friedrich
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.