This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- How secure is the certificate password stored in an install shield 2009 project?
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Aug 15, 2008
03:16 PM
How secure is the certificate password stored in an install shield 2009 project?
I want to bundle the msi file in the setup.exe, but I want the msi package signed, because I am caching it. To do this I was going to use Install Shield’s facility to sign the msi file and the setup.exe. In the past the password to use the certificate was stored in an unsecure manner in the ISRelease table. I did a test run and that field does not appear to be populated anymore.
So is the password better protected now? Could it still be possible to extract the password somehow?
So is the password better protected now? Could it still be possible to extract the password somehow?
(1) Reply
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Aug 18, 2008
10:29 AM
If you have access to the project file, you can get the password back; it just takes more than an accidental glance at the table now. From a theoretical standpoint: since the obfuscation is reversible, it's possible for someone else to perform the reverse operation. From a practical standpoint: since the password is passed to other applications (namely signcode or signtool), it's possible to intercept this.