View Full Version : "Digitally Sign Setup" link is absent

Bill Devel
10-07-2005, 07:04 AM

I have recently upgraded to Installshield 11 Express.

I want to digitally sign a "Single Executable" and when searching within help I have found this:

Building Your Installation
InstallShield 11 Express

The Build Installation page is where you build your installation.

To build your installation:

1. Select the Single Executable check box.
2. Determine if you want InstallShield to digitally sign your single executable (setup.exe) file. If you do, click the Digitally Sign Setup link, and configure the digital signature options in the Digitally Sign Setup dialog box.
3. Click Build Installations.

But the "Digitally Sign Setup" link does not appear in the "Project Assistant / Build Installation" screen. The only links are "Optional distribution settings" and "Open release folder" and none of them appears to be related to digital signatures.

Does anybody know...

How can I sign my Setup.exe file?

How can I access the Digitally Sign Setup dialog box?

Thank You.

11-24-2005, 04:22 PM
I have found this same problem. It looks like you can only digitally sign a website install. I hope someone has an answer to this.

12-08-2005, 02:53 PM
I also have the same problem. Without signing the setup.exe, the user gets a dialog box about how this program is not diagitally signed ... may not be secure ...

That is not acceptable. I need the user to feel secure about running the setup.exe file.

Anybody looking into this ?

12-21-2005, 09:01 PM
I thought by now the engineers at macrovision would have an answer for this, but I guest not. Can someone look into this? Even if the answere is NO the product cannot add a digital signature, I would still like to know, so I can find another way to solve this.


12-22-2005, 12:30 PM
Have you tried the Build Your Releases view on the Installation Designer Tab?Look for a grid of options with a place to specify a certificate and password.

(Please pardon my terminology if it's off; I work with the Professional edition.)

01-04-2006, 06:23 PM
>> I want to digitally sign a "Single Executable"

I don't know why this feature isn't available in Express 11. Hopefully it's just an oversight and will be added to the program in an update.

In the meantime, I use a batch file to sign the .exe before uploading to the web server.

Include the appropriate command line parameters and the only extra work is to enter your password when signcode.exe prompts you during the signing process.

C:\>signcode /?

Usage: SignCode [options] [FileName]
-spc <file> Spc file containing software publishing certificates
-v <pvkFile> Pvk file name containing the private key
-k <KeyName> Key container name
-n <name> Text name representing content of the file to be signed
-i <info> Place to get more info on content (usually a URL)
-p <provider> Name of the cryptographic provider on the system
-y <type> Cryptographic provider type to use
-ky <keytype> Key type
-$ <authority> Signing authority of the certificate
Default to using certificate's highest capability
-a <algorithm> Hashing algorithm for signing
<md5|sha1>. Default to md5
-t <URL> TimeStamp server's http address
-tr <number> The # of timestamp trial until succeeds. Default to 1
-tw <number> The # of seconds delay between each timestamp. Default to 0
-j <dllName> Name of the dll that provides attributes of the signature
-jp <param> Parameter to be passed to the dll
-c <file> file containing encoded software publishing certificate
-s <store> Cert store containing certs. Default to my store
-r <location> Location of the cert store in the registry
<localMachine|currentUser>. Default to currentUser
-sp <policy> Add the certification path (chain) or add the certification
path excluding the root certificate (spcstore).
<chain|spcstore>. Default to spcstore
-cn <name> The common name of the certificate
-sha1 <thumbPrint> The sha1 hash of the certificate
-x Do not sign the file. Only Timestamp the file

Note: To sign with a SPC file, the required options are -spc and -v if
your private key is in a PVK file. If your private key is in a
registry key container, then -spc and -k are the required options.

02-14-2006, 08:44 PM
I'll try the command line