View Full Version : Does Setupbuilder allow for digital signatures...
NewsArchive
05-25-2021, 05:40 AM
Does Setupbuilder allow for digital signatures thus preventing the unknown
publisher issues?
tia
Dave
NewsArchive
05-25-2021, 05:41 AM
Hi Dave,
Yes it does, on the General Info -> Digital Signature tab. We use it on
all our installers.
Regards,
Andy
www.noyantis.com
NewsArchive
05-25-2021, 05:42 AM
>Does Setupbuilder allow for digital signatures thus preventing the unknown
>publisher issues?
Yes, Dave.
Be sure to sign against a TimeStamp-Server.
If yiu just sign it with your certificate, your EXE will loose its singanture
after your certificate has expired. If you sign a gain such a server, your EXE
will continue to be certified with your signature forever.
There have been some webinar on certificates:
https://clarionlive.com/BrowseEpisodes/ww search for certificate
#503, #512 and #515 deal with some specific aspect of tampering a digitally
signed EXE. Believe it or not, but you can manipulate a digitally code-signed
EXE it it continues to run. I show that in webinar #503 and how to alert your
user, if that has happened, like by a virus or any bad guy.
In #512 Mike Hanson turns that code from webinar #503 into a template. You find
this template and some explanation here:
https://odata.de/Clarion/verify_digital_certificate
After the webinars I enhanced the template code with some internationalization
for the user interface. You can customize your alerts now in the template
itself.
But the webinars were made for watchin'.... (even if they are so long)
FTW: I have a separate SB-script just for code-signing. I run this before I run
the actual installer script. So my installer script always works with already
validly signed EXE. I do this because sometimes code-signing fails due to
failing commection to the TimeStamp-Server. And as my script is a bit larger,
its quite annoying to re-do the steps it needs. My script produceds complet
installer and update installer for four different targets (countries) from one
dataset. So I run it 8 times. I don't want to code-sign that very same EXEs 8
times over and over again. I would end up with 8 different version of my EXEs.
Bad idea when I would want to promote them to www.virustotal.com.
But of course you can simply do create your installer and code-signing the
binaries (.EXE, your .DLL and all your other binary stuff under your command)
in one go. Super easy! Both SHA-1 (in case you have to server ancient operating
systems) and SHA-2.
BTW, there is a SetupBuilder-NG here.
PS: I allowed myself to give my reply a more meaningful subject.
Regards,
Wolfgang Orth
www.odata.de
Please note:
From time to time it happens, that I overlook a reply to my postings.
Please don't be angry.
In case of an emergency, try to contact me via mail.
Bitte beachten:
Von Zeit zu Zeit passiert es mir, dass ich Antworten auf meine Postings übersehe.
Bitte nicht böse sein.
Im Notfall bitte Kontakt per Mail versuchen.
NewsArchive
05-25-2021, 05:43 AM
> BTW, there is a SetupBuilder-NG here.
>
> PS: I allowed myself to give my reply a more meaningful subject.
Thank you for that, Wolfgang. I did not see this "new" thread because it
was hidden under an older one dated 3/22/2011.
Friedrich
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.