1 Attachment(s)
Re: Dual signing MSI file
Interesting.
So I made a little MSI using SetupBuilder.
Tried signing it.
Barfed at dual-signing (pic).
But I was able to sign it with a single SHA2 signature.
here's the SHA2 MSI, if you want to look:
http://www.beachbunnysoftware.com/SB/ArnorMSI.msi
jf
Re: Dual signing MSI file
Hi Jane,
> But I was able to sign it with a single SHA2 signature.
>
> here's the SHA2 MSI, if you want to look:
Thanks. Yes, I am able to do a SHA2 code sign only, not dual code sign.
That works for me:)
Best regards,
--
Arnor Baldvinsson
Icetips Alta LLC
Re: Dual signing MSI file
>> But I was able to sign it with a single SHA2 signature.
>>
>> here's the SHA2 MSI, if you want to look:
>
> Thanks. Yes, I am able to do a SHA2 code sign only, not dual code sign.
> That works for me:)
The MSI file format does not support dual signing <g>. Only SHA-1 -or-
SHA-2.
Friedrich
Re: Dual signing MSI file
Hi Friedrich,
> The MSI file format does not support dual signing <g>. Only SHA-1 -or-
> SHA-2.
Nice;) I don't think I need to worry about SHA-1 on this thing:)
BTW: What happens on older machines, XP etc. if you have SHA-2
codesigning only?
Best regards,
--
Arnor Baldvinsson
Icetips Alta LLC
Re: Dual signing MSI file
> Nice;) I don't think I need to worry about SHA-1 on this thing:)
>
> BTW: What happens on older machines, XP etc. if you have SHA-2
> codesigning only?
On older non-UAC-aware machines, a SHA-2 signature is always "invalid". But
the .msi should still install fine on XP (especially when called from a
perfectly SHA-1/SHA-2 signed .exe installer).
Friedrich
Re: Dual signing MSI file
Hi Friedrich,
> On older non-UAC-aware machines, a SHA-2 signature is always "invalid". But
> the .msi should still install fine on XP (especially when called from a
> perfectly SHA-1/SHA-2 signed .exe installer).
Thanks:)
Best regards,
--
Arnor Baldvinsson
Icetips Alta LLC