
Integrating InstallShield with Azure Key Vault


Introduction

In this instructional video, Ian Pinawin (Senior Technical Support Engineer, Revenera) demonstrates how to integrate InstallShield with Azure Key Vault.

Video Credit: Ian Pinawin, Senior Technical Support Engineer - Revenera

More Information

The video shows the following manual call to azuresigntool.exe, which digitally signs an arbitrary file (C:\setup.exe):

azuresigntool.exe sign -du "https://www.revenera.com" -fd sha256 -kvu https://myazurekeyvault1224.vault.azure.net -kvi <Client ID of the service principal or the user identity> -kvt <Tenant ID of the service principal or the user identity> -kvs <Secret (token) used to authenticate to Azure Key Vault> -kvc MyTestCertificate1224 -tr http://timestamp.digicert.com -td sha256 -v C:\setup.exe

For use with InstallShield, C:\setup.exe is replaced by %1 and the command is placed in a Windows batch file, where %1 is the first argument passed to the batch file. When InstallShield uses the Custom signing type, it calls the batch file and passes the file to sign as an argument. InstallShield repeats this process for each file to be signed by azuresigntool.exe.
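The batch file described above, written out as an added example (it is not taken from the article or the video). The file name sign.bat and the environment variables AZ_KV_CLIENT_ID, AZ_KV_TENANT_ID and AZ_KV_SECRET are assumptions, used so the Key Vault secret is not stored in the script; the script also goes beyond a bare %1 by taking the whole argument line, because cmd.exe splits an unquoted path at commas.

```batch
@echo off
rem sign.bat - added example, not the article's or Revenera's own script.
rem Assumed (hypothetical) environment variables, set on the build machine so
rem that no credential is stored in this file:
rem   AZ_KV_CLIENT_ID, AZ_KV_TENANT_ID, AZ_KV_SECRET
setlocal

rem cmd.exe treats commas, semicolons and "=" as argument separators, so an
rem unquoted path containing one arrives split across %1, %2, ...
rem Take the whole argument line instead and drop any surrounding quotes.
set "TARGET=%*"
if not defined TARGET (
    echo sign.bat: no file name was passed 1>&2
    exit /b 2
)
set "TARGET=%TARGET:"=%"

rem Stop before calling the signer if the path does not resolve to a file.
if not exist "%TARGET%" (
    echo sign.bat: file not found: "%TARGET%" 1>&2
    exit /b 2
)
if not defined AZ_KV_SECRET (
    echo sign.bat: AZ_KV_SECRET is not set 1>&2
    exit /b 3
)

rem Same options as the manual call; only the credentials and the file differ.
azuresigntool.exe sign -du "https://www.revenera.com" -fd sha256 ^
    -kvu https://myazurekeyvault1224.vault.azure.net ^
    -kvi "%AZ_KV_CLIENT_ID%" -kvt "%AZ_KV_TENANT_ID%" -kvs "%AZ_KV_SECRET%" ^
    -kvc MyTestCertificate1224 ^
    -tr http://timestamp.digicert.com -td sha256 -v "%TARGET%"

rem Return AzureSignTool's exit code so a failed signature fails the build.
exit /b %ERRORLEVEL%
```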

Comments

Two additional comments:

InstallShield passes the name of the swidtag file to the batch file. But the file can contain a comma ",", which leads to the problem that the file name is split into two arguments.
So, %1 only includes the first half of the file name.
I recommend using %* instead of %1 in the .bat file.

The second thing is that AzureSignTool, and SignTool as well, can't sign the swidtag file because it is an XML file. In this case you need to sign the swidtag file with a different approach (like using .NET, Java, OpenSSL, Python, ...).

Version history
Last update: Mar 25, 2024 03:32 PM