InnoSetup is probably the most used setup creation utility out there and it includes support for digital signatures and code signing. Unfortunately it can be a bit hard to configure. Here are some quick instructions for getting code signing up and running using kSign, K Software’s free code signing utility. kSign is free, you can download it here (feel free to pick up a digital certificate while you’re at it!).
These instructions have been tested with InnoSetup version 5.4.2(a).
Open the InnoSetup IDE
Click Tools -> Configure Sign Tools
Click the Add button
For [Name of the Sign Tool] put kSign
Click OK
For [Command of the Sign Tool] put
“C:\PATH_TO_KSIGN\kSign\kSignCMD.exe” /f “C:\FULL_PATH\YourCert.pfx” /p YOUR_PFX_PASSWORD $p
ONLY INCLUDE THE QUOTES IF THE PATH(s) CONTAINS SPACES!
PFX Password only applies if you password protected your PFX file. Leave out the /p all together if you didn’t. Note that for 32-bit Windows users the PATH_TO_KSIGN will be C:\Program Files\kSign\ and for 64-bit Windows users the PATH_TO_KSIGN will be C:\Program Files (x86)\kSign\ – you always need quotes around any path that contains spaces.
Click OK, then OK again.
Now open your setup .iss script file and somewhere in the [Setup] section, put : SignTool=kSign /d $qYOUR_DESCRIPTION$q /du $qhttp://www.example.com$q $f
Replace YOUR_DESCRIPTION and www.example.com with your own values. Save script, viola!
Feel free to post comments or questions. Email support@ksoftware.net if you have any trouble and we’ll help you out.
good to know, saves me a lil bit of time, to build and sign all my files. thanks
Important notice: If somebody like me copy and paste your code… you should replace the quotes infront and behind your paths with the inch-like ( ” ) ones, otherwise you will get an error message like: “Path not found”.
Thanks for the guide and the software. Is it possible to disable opening your website everytime kSignCmd.exe is used? It’s a bit annoying as the page opens twice whenever I compile setup package.
If the path to your certificate doesn’t contain spaces, then the quotes should not be added. Signing won’t work if there are unnecessary quotes.
Przemek : That should only happen if you’re not using a certificate you purchased through us. The utility still works for certificates issued from other CAs but the “nag” is that it brings you back to the website.
Drop me an email if you are signing with a certificate you got here and we’ll figure out what’s going on. If you are using a cert from another CA, still email me and I’ll convince you with a generous discount coupon to get one from K Soft!
Jeremy : Thanks for that, I’ll edit the article to make that more clear.
Wish I new this before I bought a cert from Comodo directly. Now I have to figure out how to auto-sign without the hard way. Our builds run on a schedule automatically (who’s going to close all those nag page instances of FF).
Great software and also a great idea to combine your tool with Inno Setup which is one of the most powerfull software for developers. Great duo
Keep developing your tool!
1. I find that kSignCMD.exe does not tolerate spaces in the path to the .pfx file, even when file and path are enclosed with quotes. Spaces are OK in the path to the file to be signed when file and path are enclosed in quotes.
2. Further the pfx file and its path must not be enclosed with quotes with Inno Setup 5.4.2 unicode version in Windows 7 32bit.
But you must enclose with quotes with Inno Setup 5.4.2 ansi version in Windows XP (even though you can’t actually use spaces or kSign fails)! Weird.
3. I may be confused but it seemed necessary to explicitly set SignedUnInstaller=yes in the Setup section of the Inno install file to get things to run the first time. Then seems I can comment this line out. Anyone know exactly what is happening here?
Hi Richard – I just tested the kSignCMD with the PFX file in a folder with spaces and it worked well for me. Are you getting some sort of error message? Is it just through Inno, or are you seeing the same problem when you run it manually?
Hi Mitchell,
try a command prompt window with something like this (I’m using Windows 7)
“C:\Program Files\kSign\kSignCMD.exe” /f “C:\Users\Richard Andresen\Documents\CodeSigningCert2011_rpa.pfx” /p mypassword /d “5Spice_Install” /du “http://www.5Spice.com/” “C:\Users\Richard Andresen\Documents\FileToSign.exe”
error msg: The filename, directory name, or volume label syntax is incorrect
notes: Windows 7 seems to accept “Documents” and “My Documents” as equivalent in User path names. I tried both. If the path to the .exe file is incorrect I get a different error msg.