Here is how we do it.
1. We had to get a 'code signers certificate'. There are many vendors;
Verisign, Thawte, Comodo or one of the competitors. If your company
already has a certificate, you are saved from much frustration. If not,
Comodo has very good instructions about installing the key and using it.
2. The System Requirements for the machine you are going to generate the
signature on:
a. Signtool.exe is included in the Platorm SDK
b. You must also install CAPICOM (capicom_dc_sdk.msi)
3. Build your msi.
4. Use Signtool to sign any executable file (dll, exe, com, msi, cab,
catalog etc). There are many command line switches depending on whether
your Certificate is in the machine's Certificate Store or you have it
exported to a file(.pfx) like we do.
Syntax: signtool.exe sign /f <Path\filename.pfx> /p <password
for the key>
/t <url to timpstamp server> /v <path\filename to sign>
There are many command line switches. The line above works but you may
wish to add /q so that success returns nothing, errors will still return
output to stdout.
Syntax Help: http://msdn2.microsoft.com/en-us/library/aa387764.aspx
Once you get SDK, CAPICOM and the Certificate installed, signing things
is just one command in the build process.
-----Original Message-----
From: John Hall [mailto:[EMAIL PROTECTED]
Sent: Monday, October 06, 2008 10:16 AM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] How does digital signing work?
> Could anyone please describe how digital signing works with WIX?
> I've only found the reference of the DigitalSignature-element here:
> http://wix.sourceforge.net/manual-wix2/wix_xsd_digitalsignature.htm
> In the Windows Installer SDK there isn't much more
> information. It seams that I need a 128 bit hash of an
> unknown file or set of files created with an unknown hashing
> algorithm. I first thought that I have to use the hash of the
> .MSI file, but this can't work because the hash itself is
> part of the .MSI file.
>
> So my questions are basically:
> 1. What hashing algorithm do I have to use?
> 2. What files do I have to include in the hash?
Yves,
I just use SignTool
(http://msdn.microsoft.com/en-us/library/8s9b9yaz(VS.80).aspx) on my
compiled .msi file.
Regards,
John
------------------------------------------------------------------------
-
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
