Validate digital signature
I have a Basic MSI setup project. I am using the CD Release option. It generates a setup.exe, some ini files and an MSI file. I am looking for an option that specifies that the setup.exe should load the MSI only if the MSI contains a valid digital signature and is untampered.
Is there such an option?
the example bootsrapper of windows sdk can perform this:
Additionally if the setup.exe itself is signed, can it do a self check so that the installation is stopped due to an invalid signature?
I have a basic MSI package with a setup.exe. All compressed in the setup.exe. The msi and the setup.exe is signed. Now I change some bytes of the setup.exe. The sign is invalid but I can execute the installation... 😞
I have the same question and what to know if there is any solution to this problem available meanwhile so that the setup.exe is checking the digital signature of the MSI file before loading it.
We are using InstallShield 2020 R3 and want to know recommendation how to solve this security problem.