PDA

View Full Version : Code-signed .MSI question



NewsArchive
03-17-2020, 03:04 AM
Sometimes, when I install software from a publisher's code-signed .MSI
file onto my Win10 box, the elevation prompt says "Windows Installer"
and that the publisher is Microsoft.

But the actual .MSI is signed by the publisher. (in this case, it's
Evernote and signed with sha1)

Why doesn't the elevation prompt show the vendor as the publisher?

Jeff Slarve
www.jssoftware.com


Bits and Bytes are Dy-No-Myte

NewsArchive
03-17-2020, 03:18 AM
Jeff,

> Sometimes, when I install software from a publisher's code-signed .MSI
> file onto my Win10 box, the elevation prompt says "Windows Installer"
> and that the publisher is Microsoft.
>
> But the actual .MSI is signed by the publisher. (in this case, it's
> Evernote and signed with sha1)
>
> Why doesn't the elevation prompt show the vendor as the publisher?

this is a good question. As far as I know, the original digital signature
is removed from the .msi when doing an elevated installation. From the
technical point-of-view, a .msi package gets modified when it is launched
with administrator execution level privileges (the "AdminProperties" stream
changes).

Friedrich

NewsArchive
03-18-2020, 03:02 PM
Interesting. Thanks.

Wonder what happens if the original signature is invalid or revoked.

Jeff Slarve
www.jssoftware.com


Bits and Bytes are Dy-No-Myte