View Full Version : Signing Files Popup Annoyance

07-03-2007, 09:05 AM
Hi all,

I am a little complaining about how the InstallShield 2008 (and before) is signing the files. It is done using an external tool which pops up and is only visible for some milliseconds. It signs the files and setup file during a release build. It pastes the private key password into the tools textbox.

This can cause the following problems if you intend to continue working with your PC while InstallShield is building the setup (Which makes sense as building a setup can take 5-10 minutes depending on your hardware).

1. You write an email and your private key password is pasted into the email while you are writting it.
2. If you chat with someone on Office Communicator or MSN, the passwords gets entered into the message field and send so fast, I can prevent it. Happened to me like 4-5 times now. People always wounder what these strange word and number mix means. I always tell them I accidentally hit the keyboard -.-

It would be great if the devs@installshield could consider alternative methods signing the files, or make SURE that the private key password is not entered anywhere else then the signing tool.

Thank you.

07-03-2007, 09:41 AM
If you specify a .pfx file for signing, InstallShield uses SignTool.exe to sign your files. If you specify an .spc file and a .pvk file, InstallShield uses Signcode.exe to sign your files.

Using a .pfx file is the preferred method. If you specify the digital signature password in InstallShield, you will never see a password prompt if you are using a .pfx file. However, if you are using .spc and .pvk files, a password prompt may be displayed.

Using .pfx files for signing in InstallShield is new as of InstallShield 2008.

I hope that helps.

Debbie Landers
Macrovision Corporation

07-03-2007, 09:58 AM
I am going to try this, thank you.

Edit: I verified my settings, I was using spc and pvk file, switched to the pfx file as you suggested. No more popups :D
Thanks for the hint.

07-05-2007, 10:28 AM
I spoke to soon :rolleyes:
Signing files in the package works fine, but "signing Windows Installer package" or "Sign sxetup.exe" fails with the following error:
ISDEV : error -6259: Internal build error

Your Knownledgebase shows this article:

However I did not changed the password or anything else. And signing project works. Any Ideas?

07-06-2007, 02:59 PM
Hmm. That seems odd. Can you give some more details on this? How are you building the release? (Are you building from the IDE? from the command line? with the Standalone Build? through the automation interface?)

How did you get the .pfx file? Did a certificate authority issue it to you? Did you create it from your .spc and .pvk file? If the latter is the case, what tool did you use to create the .pfx file?

Just as a test, can you try using the .spc and .pvk files again and see if you can successfully sign the files, your Windows Installer package, and the Setup.exe file? (Maybe some other recent change to your project or your build machine is preventing successful signing?)

We can't seem to reproduce that same problem in-house, so maybe if we have more details, we can help you troubleshoot this.

Debbie Landers
Macrovision Corporation

07-09-2007, 03:35 AM

I am using the InstallShield IDE normally, it's a basic MSI Project.
The .pfx file and the other files were issues from an official certification authority, I believe it was from verisign.

I switched back to the old method, and got the same error - strange.
So I played with the options and enabled one by one, and the error disappeared. Then I enabled all options again - and see no error. Very odd. Then I switched back to the .pfx file, only enabled "Sign setup.exe" and got the Internal build error again (-6259).

07-10-2007, 08:02 AM
That's odd. I don't know what would be causing this behavior. Perhaps someone else has encountered this, and they'll be able to comment on troubleshooting tips.

Debbie Landers
Macrovision Corporation

07-12-2007, 11:34 AM
I get this error when I include the DirectX 9 object and choose the option to include it on Disk1 uncompressed. In order to correct I just ran the wizard again and chose to leave it compressed. For now this works but at some point this will have to be addressed.

A point to note is that I have modified the DirectX 9 INI file in object gallery so that it only includes the files I need to distribute - not all the sdk modules.

Once I did this then signing with the pfx file worked.