This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- signing package problem
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Aug 29, 2007
07:30 AM
signing package problem
Hi All
I have a problem driving me nuts.
I have 15 projects I can sign fine, but number 16 worked until today. I tried using pvk and key file as well as pvx.
Most strange is that when I select properties on my package.exe in IS2008 explorer (inst. designer/myproject/releases/disk images/package), it's digitally signed here - no problem.
But in Windows Explorer, right clicking again etc. No trace of digitally signing. Of course, when installing, it says "not signed".
I've tried the usual reboot etc.
To clarify: The setup.exe in the package is signed correctly.
But the package itself not.
Any ideas?
Best
Skeeto
I have a problem driving me nuts.
I have 15 projects I can sign fine, but number 16 worked until today. I tried using pvk and key file as well as pvx.
Most strange is that when I select properties on my package.exe in IS2008 explorer (inst. designer/myproject/releases/disk images/package), it's digitally signed here - no problem.
But in Windows Explorer, right clicking again etc. No trace of digitally signing. Of course, when installing, it says "not signed".
I've tried the usual reboot etc.
To clarify: The setup.exe in the package is signed correctly.
But the package itself not.
Any ideas?
Best
Skeeto
(7) Replies
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Aug 29, 2007
07:52 AM
Digital signing succeeds but does not show up in Windows explorer for files above a certain limit. Is the file you are trying to sign a large one?
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Aug 29, 2007
08:22 AM
It's 307 MB, but even if it didnt show up in Windows Explorer, I would expect to see it when trying to install.
thx
Skeeto
thx
Skeeto
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Aug 30, 2007
12:10 AM
Try using signtool with the verify option to check if it has been succesfully signed. If the file is a large one, even if signing succeeds, it does not show up in Windows
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Aug 30, 2007
12:13 AM
See the footnote at the bottom:
Note When signing an executable file that is larger than approximately 300 megabytes, you should use catalog signing with the MakeCat tool rather than use the SignTool tool. This is because, depending on available system resources, some applications may not be able to verify the binary signature of a large file. For more information, see KB article 922225.
Note When signing an executable file that is larger than approximately 300 megabytes, you should use catalog signing with the MakeCat tool rather than use the SignTool tool. This is because, depending on available system resources, some applications may not be able to verify the binary signature of a large file. For more information, see KB article 922225.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Aug 30, 2007
04:56 AM
Hi Charlieantao
Thanks a lot, you were right.
Signtool confirms the certificate is ok, as does a check on VISTA.
It's a laugh really.
I'll have a look at makecat. In this case it would be nice if IS2008 supported use of makecat. Maybe it even does, but I couldn't find my way to it.
All the best 🙂
Skeeto
Thanks a lot, you were right.
Signtool confirms the certificate is ok, as does a check on VISTA.
It's a laugh really.
I'll have a look at makecat. In this case it would be nice if IS2008 supported use of makecat. Maybe it even does, but I couldn't find my way to it.
All the best 🙂
Skeeto
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Aug 30, 2007
11:51 AM
InstallShield does not currently have any builtin support for using MakeCat for digital signatures. It's certainly something worth exploring, although I don't know exactly where it would best apply, so I've filed a feature request as IOC-000063834. As a general suggestion, you might see the best results when building uncompressed releases. In such a build each file will generally either be below the 300MB threshold or not need signing; the files that do need to be signed, such as the MSI, CAB and/or EXE files, should remain relatively small.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Aug 31, 2007
12:39 AM
Hi MichaelU
In our case we build packages for download, so we need to sign the whole package. One workaround for us would be to make (a rather old) version of DirectX a prereq, instead of implementing. It's just annoying to differ this install from all the others.
Lots of compliments for the compressing done in IS2008, it's very efficient.
If I build an uncompressed release, I'd have to zip it or something else due to bandwith concerns, which would take me back to square one, or am I missing something here?
All the best
Skeeto
In our case we build packages for download, so we need to sign the whole package. One workaround for us would be to make (a rather old) version of DirectX a prereq, instead of implementing. It's just annoying to differ this install from all the others.
Lots of compliments for the compressing done in IS2008, it's very efficient.
If I build an uncompressed release, I'd have to zip it or something else due to bandwith concerns, which would take me back to square one, or am I missing something here?
All the best
Skeeto