[WiX-users] How does digital signing work?

2008-10-06 Thread Yves 
Hello

Could anyone please describe how digital signing works with WIX? 
I've only found the reference of the DigitalSignature-element here:
http://wix.sourceforge.net/manual-wix2/wix_xsd_digitalsignature.htm 
In the Windows Installer SDK there isn't much more information. It seams
that I need a 128 bit hash of an unknown file or set of files created with
an unknown hashing algorithm. I first thought that I have to use the hash
of the .MSI file, but this can't work because the hash itself is part of
the .MSI file.

So my questions are basically:
 1. What hashing algorithm do I have to use?
 2. What files do I have to include in the hash?

Thank you in advance!
___
mymail - der unschlagbare und kostenlose E-Mail-Dienst der Schweiz!
http://mymail.ch/?redirect=
Geschenkidee.ch - Geschenke für jeden Anlass!
http://ad.zanox.com/ppc/?8113402C1838543470T


-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK  win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100url=/
___
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

Re: [WiX-users] How does digital signing work?

2008-10-06 Thread John Hall 
 Could anyone please describe how digital signing works with WIX?
 I've only found the reference of the DigitalSignature-element here:
 http://wix.sourceforge.net/manual-wix2/wix_xsd_digitalsignature.htm
 In the Windows Installer SDK there isn't much more
 information. It seams that I need a 128 bit hash of an
 unknown file or set of files created with an unknown hashing
 algorithm. I first thought that I have to use the hash of the
 .MSI file, but this can't work because the hash itself is
 part of the .MSI file.

 So my questions are basically:
  1. What hashing algorithm do I have to use?
  2. What files do I have to include in the hash?

Yves,

I just use SignTool 
(http://msdn.microsoft.com/en-us/library/8s9b9yaz(VS.80).aspx) on my compiled 
.msi file.

Regards,
John

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK  win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100url=/
___
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

Re: [WiX-users] How does digital signing work?

2008-10-06 Thread Wheeler, Blaine (DSHS/DCS) 
Here is how we do it.

1. We had to get a 'code signers certificate'.  There are many vendors;
Verisign, Thawte, Comodo or one of the competitors.  If your company
already has a certificate, you are saved from much frustration.  If not,
Comodo has very good instructions about installing the key and using it.


2. The System Requirements for the machine you are going to generate the
signature on: 
a. Signtool.exe is included in the Platorm SDK
b. You must also install CAPICOM (capicom_dc_sdk.msi)

3. Build your msi.

4. Use Signtool to sign any executable file (dll, exe, com, msi, cab,
catalog etc). There are many command line switches depending on whether
your Certificate is in the machine's Certificate Store or you have it
exported to a file(.pfx) like we do.

Syntax: signtool.exe sign /f Path\filename.pfx /p password
for the key
 /t url to timpstamp server /v path\filename to sign

There are many command line switches.  The line above works but you may
wish to add /q so that success returns nothing, errors will still return
output to stdout.

Syntax Help: http://msdn2.microsoft.com/en-us/library/aa387764.aspx

Once you get SDK, CAPICOM and the Certificate installed, signing things
is just one command in the build process.

-Original Message-
From: John Hall [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 06, 2008 10:16 AM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] How does digital signing work?

 Could anyone please describe how digital signing works with WIX?
 I've only found the reference of the DigitalSignature-element here:
 http://wix.sourceforge.net/manual-wix2/wix_xsd_digitalsignature.htm
 In the Windows Installer SDK there isn't much more
 information. It seams that I need a 128 bit hash of an
 unknown file or set of files created with an unknown hashing
 algorithm. I first thought that I have to use the hash of the
 .MSI file, but this can't work because the hash itself is
 part of the .MSI file.

 So my questions are basically:
  1. What hashing algorithm do I have to use?
  2. What files do I have to include in the hash?

Yves,

I just use SignTool
(http://msdn.microsoft.com/en-us/library/8s9b9yaz(VS.80).aspx) on my
compiled .msi file.

Regards,
John


-
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK  win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100url=/
___
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users



-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK  win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100url=/
___
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users