Results 1 to 3 of 3

Thread: Code-signed .MSI question

  1. #1

    Default Code-signed .MSI question

    Sometimes, when I install software from a publisher's code-signed .MSI
    file onto my Win10 box, the elevation prompt says "Windows Installer"
    and that the publisher is Microsoft.

    But the actual .MSI is signed by the publisher. (in this case, it's
    Evernote and signed with sha1)

    Why doesn't the elevation prompt show the vendor as the publisher?

    Jeff Slarve
    www.jssoftware.com


    Bits and Bytes are Dy-No-Myte

  2. #2

    Default Re: Code-signed .MSI question

    Jeff,

    > Sometimes, when I install software from a publisher's code-signed .MSI
    > file onto my Win10 box, the elevation prompt says "Windows Installer"
    > and that the publisher is Microsoft.
    >
    > But the actual .MSI is signed by the publisher. (in this case, it's
    > Evernote and signed with sha1)
    >
    > Why doesn't the elevation prompt show the vendor as the publisher?

    this is a good question. As far as I know, the original digital signature
    is removed from the .msi when doing an elevated installation. From the
    technical point-of-view, a .msi package gets modified when it is launched
    with administrator execution level privileges (the "AdminProperties" stream
    changes).

    Friedrich

  3. #3

    Default Re: Code-signed .MSI question

    Interesting. Thanks.

    Wonder what happens if the original signature is invalid or revoked.

    Jeff Slarve
    www.jssoftware.com


    Bits and Bytes are Dy-No-Myte

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •