This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tomoff123
Level 2
‎Dec 21, 2010 03:11 AM

Validate digital signature

Hi,

I have a Basic MSI setup project. I am using the CD Release option. It generates a setup.exe, some ini files and an MSI file. I am looking for an option that specifies that the setup.exe should load the MSI only if the MSI contains a valid digital signature and is untampered.

Is there such an option?

Thanks.
Tom
Labels (1)
Labels
0 Kudos

(2) Replies
TimoZimmermann
Level 5
‎Jan 20, 2011 01:09 AM

I need the same thing. Does anybody know if the installshield setup.exe bootstrapper can check the signature?

the example bootsrapper of windows sdk can perform this:
http://msdn.microsoft.com/en-us/library/aa369557(v=vs.85).aspx

Additionally if the setup.exe itself is signed, can it do a self check so that the installation is stopped due to an invalid signature?

Example:
I have a basic MSI package with a setup.exe. All compressed in the setup.exe. The msi and the setup.exe is signed. Now I change some bytes of the setup.exe. The sign is invalid but I can execute the installation... 😞
0 Kudos
sascha_kress
Level 2
‎Sep 10, 2021 01:30 AM

Hi Community,

I have the same question and what to know if there is any solution to this problem available meanwhile so that the setup.exe is checking the digital signature of the MSI file before loading it.

We are using InstallShield 2020 R3 and want to know recommendation how to solve this security problem.

Thanks

Sascha

0 Kudos