Is it possible in Inno Setup to sign the Uninstaller and Installer with sha1 and sha256 at the same time?
I know that it is possible to sign the Executable with both certs via command tool, but want to know if this is possible to achieve with SignTool
in Inno.
Autoanswer...
Yes, this is possible. As @Wosi suggested you can write a batch and then call it with $f
parameter added.
Sample batch (signtool.bat):
@echo off
"PATH_TO_SIGNTOOL\signtool.exe" sign /v /du "COMPANY_NAME" /fd sha1 /t "http://timestamp.verisign.com/scripts/timstamp.dll" /f "sha1_cert.pfx" /p PASSWORD %1
set SIGN_RESULT_1=%ERRORLEVEL%
"PATH_TO_SIGNTOOL\signtool.exe" sign /as /v /du "COMPANY_NAME" /fd sha256 /tr "http://timestamp.comodoca.com/rfc3161" /td sha256 /f "sha256_cert.pfx" /p PASSWORD %1
set SIGN_RESULT_2=%ERRORLEVEL%
set /a RESULT=%SIGN_RESULT_1%+%SIGN_RESULT_2%
if %RESULT% NEQ 0 (
echo Warning! Signing failed with %SIGN_RESULT_1% for sh1 and %SIGN_RESULT_2% for sha256
pause
exit /B %RESULT%
)
echo Signing succeeded
exit /B 0
Then in Inno Setup you can call signtool.bat $f
where $f
will be passed to %1
for the batch.
For Windows XP compatibility for sha1: removed /as
, /tr
replaced with /t
, removed /td
(as it requires /tr
)
I will leave it here as maybe someone could find it helpful.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With