If you sign external cabs, you can try the new tool "Insignia". If you use Insignia, you don't need to use the DigitalSignature element. This tool only exists in WiX 3.5. To use insignia, don't use any "DigitalSignature" elements. Sign your cabs, and then run insignia, and it will update your MSI appropriately, according to the way you signed your cabs.
If you use MSBuild, this integrates well with MSBuild as well - see the WiX 3.5 CHM page on "Insignia" for instructions to use insignia with MSBuild. Thanks, Mike Carlson -----Original Message----- From: Ondrej Zarevucky [mailto:ondrej.zarevu...@fine.cz] Sent: Monday, April 19, 2010 6:03 AM To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] Adding Digital Signature to MSI Hi, I'm signing external cabinets using signtool.exe after the MSI is created. I would like to learn more about the "DigitalSignature" element and I'd like to know, how to tighten the security of the setup even more. Do you have any examples or tutorials describing the "DigitalSignature" element for external cabinets? http://wix.sourceforge.net/manual-wix3/wix_xsd_digitalsignature.htm doesn't describe the element very much :( Thank you for your help Ondrej Zarevucky On 13.4.2010 23:00, Mike Carlson (DEV DIV) wrote: > Christof is correct that WiX doesn't own the process of signing any > particular file - signtool.exe does that job. If you don't have any external > cabinets, just use signtool.exe to sign your MSI, and you're done. > > If you do have external cabinets (i.e. you have Media elements where > Media/@EmbedCab is set to "no") and intend to sign your MSI, your MSI should > contain information about the expected digital signatures of its associated > external cabs. To do this, see the documentation for the "DigitalSignature" > element, or in WiX 3.5, there is a new tool called "Insignia" to make this > process easier - see wix.chm for more information about Insignia in WiX 3.5. > > Thanks, > Mike Carlson > > -----Original Message----- > From: Christof Schmutz [mailto:christof.schm...@cstsoft.de] > Sent: Tuesday, April 13, 2010 11:07 AM > To: General discussion for Windows Installer XML toolset. > Subject: Re: [WiX-users] Adding Digital Signature to MSI > > Hi Jeff > > I use the program signtool from windows.sdk > See example > > set FileEinzelMsi="setup.msi" > set TimeURL=http://timestamp.comodoca.com/authenticode > signtool.exe sign /f "certificat.pfx" /p password /t "%TimeURL%" /v > "%FileEinzelMsi%" > > Christof > > -----Ursprüngliche Nachricht----- > Von: jeff00seattle [mailto:jeff_tan...@earthlink.net] > Gesendet: Dienstag, 13. April 2010 18:04 > An: wix-users@lists.sourceforge.net > Betreff: [WiX-users] Adding Digital Signature to MSI > > > Hi > > Curious, does WiX provide a way to add a digital signature to resulting MSI > output? > > ----- > Thanks > Jeff in Seattle > ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
