PDA

View Full Version : Digitally Signing



TheHouz
06-21-2010, 12:32 PM
I am running InstallShield Express 2010 on a 64-Bit desktop with 8GB of ram.

I recently acquired a digital certificate from Winqual. I added the certificate to one of my installation projects. The signing process worked just fine. I thought I was home free.

I then had to install Office 2010 Professional. This is to allow me to test applications in Office 2010.

I then started to receive errors when InstallShield was compiling my application. SignTool Error: Signtool requires CAPICOM version 2.1.0.1 or higher. Please
copy the latest version of CAPICOM.dll into the directory that contains
SignTool.exe. If CAPICOM.dll exists, you may not have proper
permissions to install CAPICOM.

A little research indicates capicom.dll has been depracated by Microsoft.

So, I contact Flexera support. They tell me to do a repair install of my Express 2010. I did this.

Now, when I compile the same project, I do not get the error. But, all of the applications are signed with the wrong date.

So, I contact Flexera again. Now, they say: I was in touch with the engineering team. Since InstallShield Express is a stripped down version it doesn�t support 64 bit operating system. Therefore the digital signature or any other feature may not work as expected.
I would request you please upgrade InstallShield 2010 to Premier edition as it supports 64 bit OS as well.

That is a loaded response "or any other feature may not work as expected". THey told me it would work just fine on a 64-Bit desktop when I purchased the renewal.

Anyone have any thoughts on this. My Express 2010 was working prefectly on my 64-Bit desktop until I installed Office 2010. I suspect this is another bug in Express 2010 that they will not fix, and want to force me to Premier.

MichaelU
06-22-2010, 02:44 PM
What do you mean by the wrong date? While it's certainly true that the Express edition doesn't support creating a 64-bit installation for a 64-bit OS, I wouldn't generally expect any problems running on a 64-bit host.

TheHouz
06-23-2010, 08:16 AM
The project I am building contains say 10 different executables. Each executable has a different date, based upon when that executable was compiled.

Prior to Office 2010 installation, when the digital signing was working properly, the executables were signed, and yet maintained the date the executable was compiled.

Post Office 2010 installation. Everything is signed, but, the date was changed to reflect the exact date and time that I performed the build of the project.

Hope that is clear.

MichaelU
06-23-2010, 10:29 AM
Okay, I understand what you are saying now. Previously I thought you might have meant the digital signature's timestamp was incorrect.

It sounds likely that installing Office 2010 updated some shared libraries on the machine which have changed how signtool works. Unfortunately since signtool came from Microsoft, it will be between hard and impossible for us to change this behavior.

Mark Stegall
06-23-2010, 09:19 PM
Did signtool change the creation date or only the modified date?

There are 3 dates asscoicated with a file, Creation, modified and last accessed. The digital signature and timestamp are a separate characteristic.

The digital signature timestamp is the verifiable date/time that the exectuable was signed. It relates only to the digital signature.

The Creation date is when the file was created (typically when you compiled the program)
The modified date would reflect the date/time that you digitally signed the executable since it must modify the .exe file. Modifying the .exe file after it is signed invalidates the digital signature.

I have Windows 7 x64 with Office 2007 installed. Windows Explorer displays by default the Date Modified not Date Created.

TheHouz
06-24-2010, 09:27 AM
Here is your answer Mark.

Not sure I mentioned, but after installing Office 2010, I had errors during my build. After I used the Express CD to do a repair, the errors stopped, but results changed.

Before Office 2010, when I do a build in Express. These are all good/expected dates.

Application has Created May 26, 2010
Application has Modified May 26, 2010
Application has Accessed June 24, 2010

After Office 2010. No change to the build or applications, except adding the signing.

Application has Created June 4, 2010
Application has Modified June 4, 2010
Application has Accessed June 24, 2010
Certificate Timestamp is June 4, 2010.

Based on your input, the date modified should be June 4th, as it was modified or signed that date. But, the date created should remain at May 26.