I have a small question about code signing Windows files.
I use Innosetup for creating an installer .exe
Now, do I only need to codesign the installer .exe or do I also need to codesign everything else (the main app .exe , all xojo lib files?, …)
[quote=160089:@Christoph De Vocht]I have a small question about code signing Windows files.
I use Innosetup for creating an installer .exe
Now, do I only need to codesign the installer .exe or do I also need to codesign everything else (the main app .exe , all xojo lib files?, …)[/quote]
I usually codesign the exe, and the installer.
As Michel suggested, codesign both the executable and the installer.
OK, thank you.
I first use kSign to sign the executable, then I run Innosetup to build the installer.
Innosetup can do the code signing automatically after it builds the installer.
In my case, I add this line to the [Setup] section:
SignTool=kSign /d $qLightwright 5 for Windows$q /du $qhttp://www.mckernon.com$q $f
exe is not enough, all kind of executables and dlls need to be signed, ksign tool does this job for you.
at last the installer file itelf should be codesigned aswell
[quote=160200:@Tomas Jakobs]exe is not enough, all kind of executables and dlls need to be signed, ksign tool does this job for you.
at last the installer file itelf should be codesigned aswell[/quote]
I use Ksign as well. My concern is to avoid the dreaded unknown developer alert. I did mention signing the installer, as this is the file the system will check first, and effectively refuse to install if the installer is not signed.
Signing the DLL is not necessary to prevent the alert, but it is necessary to prevent undue modifications of the program. It is all a matter of how much security one wants.