Signing Installers You Create with Inno Setup

Configure Sign Tools

Select Configure Sign Tools... from the Tools menu.

Configure Sign Tools

Add A Tool

Add A Tool

Name the Tool

Give the tool a name. This is the name you will use when referring to the tool in your installer scripts. I named mine signtool because I'm using signtool.exe.

Name the Tool

Assign the Command Line Parameters

Paste in the text you use to sign your executables from the command line. Replace the name of the file to sign with $f. Inno Setup will replace the $f variable with the file that is being signed.

Example:

"C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2\Bin\signtool.exe" sign /f "C:\MY_CODE_SIGNING.PFX" /t http://timestamp.comodoca.com/authenticode /p MY_PASSWORD $f
Assign the Command Line Parameters

After clicking OK you are done configuring the sign tool.

Update Your [Setup] Section

Add the following script to your [Setup] section to use the sign tool you just configured. This assumes you named your tool signtool.

SignTool=signtool
Update Your [Setup] Section

The Result

Now when you build your installers they will be signed.

8 Comments

Carlos Ramirez

Hello,

Excellent very explicative. For Visual Studio 12 the signtool is located here: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe"

Thanks

Andy

Very clear and helpful, I have no idea how anyone would be expected to figure it out without this level of help!

Michael Sarahan

Thanks, this was very helpful. For people using command line tools, see this other helpful post, too: http://doughennig.blogspot.com/2009/11/executable-signing-with-inno-setup.html

Sanchi

So the signtool.exe would lie in "Program Files" for x86 machines and "Program Files (x86)" for x64 machines. So this might fail the signing

Jaime

Very useful and straightforward.

Dieter Woellner

Near to getting nuts when trying via Innosetup help I found your article. Saved my head ;o)!

Daniel

Is there any way to have something like "SignTool=SignTool.exe /a $f" rather than doing this two step method of creating the named signtool? Just because I have it running on build servers, and would make things easier if everything was set up inside the scripts.

Trevor DeVore

@Daniel I'm not aware of any other method than the one described. Best to search on the INNO Setup site to see if this is an option.

Add your comment

E-Mail me when someone replies to this comment