cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tomoff123
Level 2

Validate digital signature

Hi,

I have a Basic MSI setup project. I am using the CD Release option. It generates a setup.exe, some ini files and an MSI file. I am looking for an option that specifies that the setup.exe should load the MSI only if the MSI contains a valid digital signature and is untampered.

Is there such an option?

Thanks.
Tom
Labels (1)
0 Kudos

(2) Replies
TimoZimmermann
Level 5

I need the same thing. Does anybody know if the installshield setup.exe bootstrapper can check the signature?

the example bootsrapper of windows sdk can perform this:
http://msdn.microsoft.com/en-us/library/aa369557(v=vs.85).aspx

Additionally if the setup.exe itself is signed, can it do a self check so that the installation is stopped due to an invalid signature?

Example:
I have a basic MSI package with a setup.exe. All compressed in the setup.exe. The msi and the setup.exe is signed. Now I change some bytes of the setup.exe. The sign is invalid but I can execute the installation... 😞
0 Kudos
sascha_kress
Level 2

Hi Community,

I have the same question and what to know if there is any solution to this problem available meanwhile so that the setup.exe is checking the digital signature of the MSI file before loading it.

We are using InstallShield 2020 R3 and want to know recommendation how to solve this security problem.

Thanks

Sascha

0 Kudos