[英]Is it possible to dual-sign installer and uninstaller with sha1 and sha256 certificates?
Is it possible in Inno Setup to sign the Uninstaller and Installer with sha1 and sha256 at the same time?是否可以在 Inno Setup 中同时使用 sha1 和 sha256 对卸载程序和安装程序进行签名?
I know that it is possible to sign the Executable with both certs via command tool, but want to know if this is possible to achieve with SignTool
in Inno.我知道可以通过命令工具用两个证书签署可执行文件,但想知道这是否可以通过 Inno 中的SignTool
实现。
Autoanswer...自动应答...
Yes, this is possible.是的,这是可能的。 As @Wosi suggested you can write a batch and then call it with $f
parameter added.正如@Wosi 建议的那样,您可以编写一个批处理,然后添加$f
参数来调用它。
Sample batch (signtool.bat):样品批次(signtool.bat):
@echo off
"PATH_TO_SIGNTOOL\signtool.exe" sign /v /du "COMPANY_NAME" /fd sha1 /t "http://timestamp.verisign.com/scripts/timstamp.dll" /f "sha1_cert.pfx" /p PASSWORD %1
set SIGN_RESULT_1=%ERRORLEVEL%
"PATH_TO_SIGNTOOL\signtool.exe" sign /as /v /du "COMPANY_NAME" /fd sha256 /tr "http://timestamp.comodoca.com/rfc3161" /td sha256 /f "sha256_cert.pfx" /p PASSWORD %1
set SIGN_RESULT_2=%ERRORLEVEL%
set /a RESULT=%SIGN_RESULT_1%+%SIGN_RESULT_2%
if %RESULT% NEQ 0 (
echo Warning! Signing failed with %SIGN_RESULT_1% for sh1 and %SIGN_RESULT_2% for sha256
pause
exit /B %RESULT%
)
echo Signing succeeded
exit /B 0
Then in Inno Setup you can call signtool.bat $f
where $f
will be passed to %1
for the batch.然后在 Inno Setup 中,您可以调用signtool.bat $f
其中$f
将传递给批处理的%1
。
For Windows XP compatibility for sha1 : removed /as
, /tr
replaced with /t
, removed /td
(as it requires /tr
)对于sha1的 Windows XP 兼容性:删除/as
, /tr
替换为/t
,删除/td
(因为它需要/tr
)
I will leave it here as maybe someone could find it helpful.我会把它留在这里,因为也许有人会觉得它有帮助。
I'm using Inno Setup 5.5.9.我正在使用 Inno Setup 5.5.9。 I compile my script from the command line using ISCC
.我使用ISCC
从命令行编译我的脚本。 My setup script includes these two lines in the [Setup]
section:我的安装脚本在[Setup]
部分包含这两行:
SignTool=sha1
SignTool=sha256
The ISCC
command looks like: ISCC
命令如下所示:
ISCC "/ssha1=signtool.exe /f <cert.pfx> /p <certpwd> /fd SHA1 /t <timestamp.url> /v $f" "/ssha256=signtool.exe /f <cert.pfx> /p <certpwd> /fd SHA256 /tr <timestamp.url> /td SHA256 /as /v $f" setup.iss
Inno Setup will sign the install and uninstall with both certs. Inno Setup 将使用这两个证书对安装和卸载进行签名。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.