Signing Installers You Create with Inno Setup

Configure Sign Tools

Select Configure Sign Tools... from the Tools menu.

Configure Sign Tools

Add A Tool

Add A Tool

Name the Tool

Give the tool a name. This is the name you will use when referring to the tool in your installer scripts. I named mine signtool because I'm using signtool.exe.

Name the Tool

Assign the Command Line Parameters

Paste in the text you use to sign your executables from the command line. Replace the name of the file to sign with $f. Inno Setup will replace the $f variable with the file that is being signed.

Example:

"C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2\Bin\signtool.exe" sign /f "C:\MY_CODE_SIGNING.PFX" /t http://timestamp.comodoca.com/authenticode /p MY_PASSWORD $f
Assign the Command Line Parameters

After clicking OK you are done configuring the sign tool.

Update Your [Setup] Section

Add the following script to your [Setup] section to use the sign tool you just configured. This assumes you named your tool signtool.

SignTool=signtool
Update Your [Setup] Section

The Result

Now when you build your installers they will be signed.

The ResultZoom: The Result

8 Comments

Carlos Ramirez

Hello,

Excellent very explicative. For Visual Studio 12 the signtool is located here: "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe"

Thanks

Andy

Very clear and helpful, I have no idea how anyone would be expected to figure it out without this level of help!

Michael Sarahan

Thanks, this was very helpful. For people using command line tools, see this other helpful post, too: http://doughennig.blogspot.com/2009/11/executable-signing-with-inno-setup.html

Sanchi

So the signtool.exe would lie in "Program Files" for x86 machines and "Program Files (x86)" for x64 machines. So this might fail the signing

Jaime

Very useful and straightforward.

Dieter Woellner

Near to getting nuts when trying via Innosetup help I found your article. Saved my head ;o)!

chris

I have tryed this in wondiws 10 cna not et it to work i installed the sdk the singtool is located in C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe inno complie fails with
Sign Tool command failed (Failed to execute Sign Tool command.

Error 5: Access is denied). Will retry (2 tries left).

Trevor DeVore

@chris - that sounds like a permissions issue. A google search for "signtool.exe Error 5: Access is denied" turned up this:

https://github.com/javafx-maven-plugin/javafx-maven-plugin/issues/286

There was a folder permissions problem in that particular case and signtool.exe update the file. I would start by looking at permissions on the files you are trying to modify.

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.