On Tue, 24 Sep 2024, Martin Frb via lazarus wrote:
On 24/09/2024 12:15, Bo Berglund via lazarus wrote:
OK, thanks.
I downloaded the Windows SDK installer and when I ran it I got to a
selection
page where I could select to ONLY install the signing tool.
The InnoSetup6 install builder does have support for signing so I will go
there
for further research.
Well, do you have a certificate?
This is the command I use
signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256
/a C:\path\to\target.exe
The params are explained on
https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
The /tr .... /td... is optional, but recommended. And there is a list of
time servers that can be used
If you have more than one certificate (added to the windows certificate
store), then you may need to add something to select the one you want....
Usually, if you buy a cert, you get a piece of hardware (e.g. usb dongle)
and instructions which extra software to use to add the cert from that
hardware to the cert store. (and it will only work while the dongle is
plugged in).
If you want to use a self issued cert, you need to find a tutorial on that =>
but windows will not trust self signed certs... (Well the user may or may not
be able to add your cert to their trusted cert list, but I have no idea ...)
It's maybe an idea to add a small wizard for this to the IDE,
for beginners this would be easier.
Michael.
--
_______________________________________________
lazarus mailing list
lazarus@lists.lazarus-ide.org
https://lists.lazarus-ide.org/listinfo/lazarus
