code signing



Unregistered
10-03-2013, 12:25 PM
Read through the beach bunny tutorial...got to the point where you open the digital signature tab in SetupBuilder options.....no such tab in v. 8.

The help screen refers to an spc file - don't have one. All I have is a pvk file and that was one I changed the name on from the Firefox backup.

linder
10-04-2013, 01:44 AM
Hello,

The Digital Signature tab definitely exists in SetupBuilder 8 ;) See attached screenshot.

The .spc is the credentials file and you received it after the CA validated your identity and sent the "Your Code Signing Certificate is ready! Thank you for placing your order. The necessary background checks have been successfully completed and we are pleased to announce that your Code Signing Certificate has been issued. To collect your Code Signing Certificate, please click here." email.

If you have received the certificate in the form of a .pvk/.spc then you need both the private key (.pvk) and the credentials file (.spc) to make use of Windows Authenticode. And of course, you can use a .pfx in SetupBuilder.

Does this help?

Friedrich

notlogan
10-04-2013, 05:15 AM
I must have a buggy version. My Options tabs go: File Locations| Languages|Dialog Templates. I'd post a screen shot but I don't think it is allowed.

linder
10-04-2013, 05:23 AM
No, you definitely do not have a buggy SetupBuilder version :) BTW, screenshots are allowed!

You have to handle the code-signing stuff in your project! Not in the global IDE Options... ;)

Please see my previous screenshot: "General Information" -> "Digital Signature".

And NOT "Tools" | "Options..."

Does this help?

Friedrich

notlogan
10-04-2013, 05:27 AM
D'OH....I tried to post again but I lost my connection. Sorry. I found the right window.....I didn't know the OPTIONS window was different from the GENERAL INFORMATION window. Sorry about that.

linder
10-04-2013, 05:33 AM
Perfect. Thanks for the update!

Friedrich

notlogan
10-07-2013, 08:00 AM
I used Firefox to download....I guess that was a mistake. I followed the instructions on copying it but I ended up with a .pfx file and no .spc file. What do I do now?

linder
10-07-2013, 10:34 AM
The .PFX is all that you need! SetupBuilder can use both .PVK/.SPC and .PFX.

1. You need SIGNTOOL.EXE from Microsoft.

2. Open the IDE and select "Tools" -> "Options..." -> File Locations tab. In the "Signcode.exe or SignTool.exe Location" field, please specify the fully qualified path to the SIGNTOOL.EXE file.

Now open your project and go to "General Information" -> "Digital Signature" -> and select your certificate file (.pfx) in the "PFX File (optional)" field. Enter all required information (including timestamp).

Compile and you are done :)

Friedrich

notlogan
10-07-2013, 11:28 AM
Got it...thanks.....it worked fine once I got all the pieces in place.

I assume every time I compile an updated version of my setup, my app will be "code-signed" during compilation.

linder
10-08-2013, 02:06 AM
With "my app", do you mean the "setup.exe" or your application file(s)?

General Information -> Digital Signature -> Add a Digital Signature -> YES will always code-sign your install. The #code-sign application directive lets you add an Authenticode® digital signature to your own application file(s). For example, your own .exe, .dll, .ocx, etc.

Friedrich

notlogan
10-08-2013, 09:03 AM
I meant the setup.exe. Is there any reason I'd want to also add the digital signature to my application.exe file?

linder
10-08-2013, 09:20 AM
Microsoft recommends that commercial software publishers code sign all their PE files. And if you would like to see your own application files flagged as 'suspicious' by anti-virus and anti-spyware systems on a regular basis, then don't code-sign ;-)

You should always code-sign your own PE application files (all your .exe, .dll, .ocx, ...). You should not code-sign 3rd-party files because code-signing means that you take over responsibility (and sometimes it is not even allowed to code-sign because the signature modifies the binary contents of a file). If you have "unsigned" 3rd-party components, you should ask the vendor to code-sign the files.

Friedrich

notlogan
10-09-2013, 05:50 AM
In the script it looks like I'm signing my application .exe but I don't see where setup.exe is being code signed.

#code-sign application "C:\Installation Programs\Release\DataBinder.exe"


I went to General Information and added digital signature to installer executable.

linder
10-09-2013, 06:04 AM
Yes, that is correct. When you have General Information -> Digital Signature -> Add a Digital Signature -> set to YES then the compiler will automatically code-sign your generated setup.exe. Compiler report should look similar to the attached screenshot.

Friedrich
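
Added example, not part of the original thread and not SetupBuilder's own code: a PowerShell check to run after compiling, confirming that the setup.exe and the application PE files in a release folder carry a valid, timestamped Authenticode signature. The folder default reuses the path quoted above; `$ExpectedSubject` is a placeholder for the subject of your own certificate.

```powershell
# Added example: audit Authenticode signatures in a release folder.
# Assumptions: $ReleaseDir and $ExpectedSubject are placeholders to adjust.
param(
    [string]$ReleaseDir      = 'C:\Installation Programs\Release',
    [string]$ExpectedSubject = 'CN=Example Publisher'   # placeholder subject
)

$peExtensions = '.exe', '.dll', '.ocx'

$report = Get-ChildItem -LiteralPath $ReleaseDir -Recurse -File |
    Where-Object { $peExtensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        [pscustomobject]@{
            File        = $_.FullName
            Status      = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
            Signer      = $signer
            # A timestamp keeps the signature verifiable after the certificate expires.
            Timestamped = [bool]$sig.TimeStamperCertificate
            OwnCert     = [bool]($signer -and $signer.Contains($ExpectedSubject))
        }
    }

$report | Format-Table -AutoSize

# Files with no signature or a broken one (includes unsigned 3rd-party components).
$notValid = @($report | Where-Object { $_.Status -ne 'Valid' })

# Files signed with your certificate but without a timestamp.
$noTimestamp = @($report | Where-Object { $_.OwnCert -and -not $_.Timestamped })

# Valid signatures from another publisher: expected for 3rd-party files,
# unexpected for your own binaries.
$otherSigner = @($report | Where-Object { $_.Status -eq 'Valid' -and -not $_.OwnCert })

if ($notValid)    { Write-Warning "Not validly signed:";       $notValid.File }
if ($noTimestamp) { Write-Warning "Signed but not timestamped:"; $noTimestamp.File }
if ($otherSigner) { Write-Host    "Signed by another publisher:"; $otherSigner.File }

# A non-zero exit code lets a build script stop before the release ships.
if ($notValid.Count -gt 0 -or $noTimestamp.Count -gt 0) { exit 1 }
```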

notlogan
10-09-2013, 06:16 AM
Got it....thanks!

linder
10-09-2013, 06:30 AM
You are welcome :)

Friedrich