We have to use a USB signing token in conjunction with our SHA-256 certificate. To make that work with InstallShield 2012, we replaced the signtool.exe in the \system folder with our own 'shim' which changes the parameters and then calls the real sig...