I have a desktop app that I deploy for Mac and Windows.
I have bitten the bullet and purchased a Windows code-signing certificate. Pre-packaging, my app has the app.exe, lots of DLL’s and 2 folders, Resources and Library.
I use Innosetup to make the Windows installer, and KSign 3.0 to do the code-signing.
My question is: Is it enough to build the app, use Innosetup to make the installer, and then use KSign to code-sign the final installer (myapp-setup.exe)?
Or should I code-sign all the components first, then make the installer and code-sign again?