[Setup]: SignTool

Inno Setup

[Setup]: SignTool

Valid values:

A name followed by zero or more parameters, space separated
Description:

Specifies the name and parameters of the Sign Tool to be used to digitally sign Setup (and Uninstall if SignedUninstaller is set to yes). When Setup has a valid digital signature, users will not see an "unidentified program" warning when launching it.

The specified Sign Tool name and its command have to be defined in the compiler IDE (via the Tools | Configure Sign Tools... menu) or on the compiler command line (via the "/S" parameter), else an error will occur.

The following special sequences may be used in Sign Tool parameters and commands:

$f, replaced by the quoted file name of the file to be signed.

$p, replaced by the Sign Tool parameters.

$q, replaced by a quote, useful for defining a Sign Tool which contains quotes from the command line.

$$, replaced by a single $ character.

Example:

Assume the following Sign Tools have been defined in the IDE:

mystandard=signtool.exe /x /y /d $qMy Program$q $f
mycustom=signtool.exe $p
byparam=$p

then some examples would be:

SignTool=mystandard
SignTool=mycustom /x /y /d $qMy Program$q $f
SignTool=byparam signtool.exe /x /y /d $qMy Program$q $f

Note: for security reasons you should give a unique name to any Sign Tool set to $p, and not use a byparam name copied from this example. Consider what happens if you #include a third-party file that says:

SignTool=byparam format c: 

Details on obtaining signing certificates and using code-signing tools are beyond the scope of this documentation.

Note: If you use a Sign Tool and your Setup contains a large amount of data, it is recommended that you enable Disk spanning with DiskSliceSize set to max. If you don't do this, the user might experience a long delay after starting Setup caused by Windows verifying the digital signature against all your data. There should be no security reduction from using disk spanning in practice: all files extracted from the unsigned .bin files undergo SHA-1 verification (provided dontverifychecksum isn't used). The SHA-1 hashes for this (along with all other metadata) are kept inside Setup's EXE, which is protected by the digital signature.

See also: SignToolRetryCount