cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
markhug
Level 4

Building the installer - Digital Signature hijacks keyboard

During build when app needs to digitally sign, the app responsible for automating the entry of the password seems to be using actual keyboard interrupts to do so.
Thus, if I am working in some app that can take keyboard input, that password input is directed into whatever app that I am working on (the password appears in the app).
Similarly, if I switch to another computer (I have two pc's which I switch between) the digital signature will fail.
Using a .pfx
This is a significant productivity problem.
Does anyone have any ideas for fixing this or does Flexera know about this problem?
Labels (1)
0 Kudos
7 Replies
MichaelU
Level 12 Flexeran
Level 12 Flexeran

It sounds like you're describing the behavior for signing with .spc/.pvk files, which is due to a limitation in signcode.exe; when signing with a .pfx file, this should not occur, as signtool.exe supports better ways of handling the password.
0 Kudos
lam1278
Level 6

MichaelU wrote:
It sounds like you're describing the behavior for signing with .spc/.pvk files, which is due to a limitation in signcode.exe; when signing with a .pfx file, this should not occur, as signtool.exe supports better ways of handling the password.



My IDE takes control of the PC as well... could it be that I typed in the box and caused the error??

It appears that all signing options were "successful".

I chose to use the .spc/.pvk files because I figured they were the files that came from VeriSign... however, I did generate a .pvk file... do you think that will that resolve my build issues:

Started signing 1046.mst ...
Succeeded
Started signing 1034.mst ...
Succeeded
Started signing 1033.mst ...
Succeeded
Media table successfully built
Started signing Data1.cab ...
Succeeded
ISDEV : error -6259: Internal build error
ISDEV : fatal error -6260: Internal build error
DTII\Release 4.0.x - 2 error(s), 5 warning(s)
0 Kudos
Vijay__K
Level 7

You can't sort this problem out. The workaround is not to use any other app until the build process has got passed the signing stage.

Installshield's build process is using the handle for the singcode.exe, once it sets the handle to this app to foreground and then 'by chance you change to another app', then the app in the foreground will see the text that was meant for signcode.

As MichaelU said, if you use another method, then you shouldn;t see this problem.
0 Kudos
lam1278
Level 6

Yup thanks... in all three instances when it failed, man it didn't like me doing anything else on my system. I just can't idle for very long watching something so boring... lol

I switched to pfx and life is good....

I guess that's fine because at least I know I am securing the other two files for protection purposes and as long as the password is not stored in plain text anywhere in the MSI.... I'm good to go!

Thanks!
0 Kudos
Vijay__K
Level 7

lam1278 wrote:
as long as the password is not stored in plain text anywhere in the MSI.... I'm good to go!

Thanks!


Correct, the password is used at build time, therefore the msi does not contain it, it doesn't need to.

Vijay.
0 Kudos
TylerC
Level 3

Also, watch out for the caps lock. I have seen that cause an error even when I leave the keyboard and computer alone during build. Removing the caps lock allows the original password (added during Release Wizard) to work correctly.
0 Kudos
Not applicable

I recommend you convert the spc and PVK files to a PFX.

I've noticed when using spc and pvk files, if you use any IM application while installshield is building (for example to notify your testing team that a new version is on its way), it can send your password in the clear, followed by a carriage return, to that application (which then gleefully sends your password on to whoever you were chatting with!)

This can be especially embarrassing if you follow the convention of using passwords which you would be embarrassed to either write down or tell someone else :eek:
0 Kudos