Jump to content
Excelsior Forums

Recommended Posts

When I run signtool to add a digital signature to the installation executable, the installation executable no longer works. A message pops up that says, "Invalid or corrupted installation package"

If I can't sign my products, then my customers will see "Publisher: Unknown" and this is unacceptable.

Any solutions?

Thanks,

Harkey

Share this post


Link to post
Share on other sites

Most probable reason is that the installer checks the package itself against MD5 hash. When you sign it, you change it for sure.

Try to uncheck the "Verify package integrity before installation" that is located on the "Install Facilities" tab, page "Settings", it should help. Let us know if not.

Share this post


Link to post
Share on other sites

When I run signtool to add a digital signature to the installation executable, the installation executable no longer works. A message pops up that says, "Invalid or corrupted installation package"

If I can't sign my products, then my customers will see "Publisher: Unknown" and this is unacceptable.

Any solutions?

Thanks,

Harkey

Hi, did that solve the problem?

Could you please give some step-by-step details about how you sign the installation package using the signtool?

Thanks

Ted

Share this post


Link to post
Share on other sites

To attach a digital signature to your installation package:

1. Create installation package without internal MD5 signature.

 

  1.1 Run "Packager" and open existing or create a new project.

  1.2 Go to the tab "Install" on page "Settings", and uncheck

        the check box "Verify package integrity before installation".

  1.3 Rebuild installation package.

2. Get a Certificate file from any site support certificate

  (http://www.verisign.com/, http://www.thawte.com/, ...) or

  generate test certificate file.

  Generate test certificate files:

 

  2.1 Run "makecert" and enter a password to create a test certificate file:

            makecert -ss Root -sv Test.pvk NewCer.cer

        This command creates two files:

          "NewCer.cer"  - certificate file

          "Test.pvk"    - private key container

        See http://msdn.microsoft.com/en-us/library/bfsktky3.aspx for details.

  2.2 Run "cert2spc" to create test Software Publisher's Certificate (SPC): 

 

            cert2spc.exe NewCer.cer NewCer.spc

        This command creates file "NewCer.spc".               

        See http://msdn.microsoft.com/en-us/library/aa376008(v=VS.85).aspx for details.

3. Attach a digital signature to your installation package.

    Launch the signing wizard:

        signtool.exe signwizard

    3.1 On page "File Selection", select your installation package.

 

    3.2 On page "Signing Options", select type "Custom".

    3.3 On page "Signature Certificate", press "Select from File..." button

          and select file "NewCer.spc".

    3.4 On page "Private Key", select file "Test.pvk".

          The password will be prompted.

 

    3.5 On the next pages of the Digital Signature Wizard select

          options as you wish.

makecert.exe, Cert2Spc.exe and signtool.exe are available as part of the Windows SDK, which you can download from http://go.microsoft.com/fwlink/?linkid=84091.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×