Adding A Digital Signature To A Patch - Symantec WISE PACKAGE STUDIO 8.0 - REFERENCE V1.0 Reference
Hide thumbs
Also See for WISE PACKAGE STUDIO 8.0 - REFERENCE V1.0:
- Reference (142 pages) ,
- Getting started manual (78 pages)
Table of Contents
Advertisement
Wise Package Studio Reference
Adding a Digital Signature to a Patch
Windows Installer 3.0 or later only.
Use the Specify Digital Signature Settings page to add an Authenticode digital signature
to a patch file.
Frequently, updating an application requires more privileges than that of a standard
user, and only the administrator has sufficient privileges to run the update. This can
result in the application needing to be run with administrator privileges.
You can avoid this problem by signing patches that will be run under Windows Vista or
later operating system. To do so:
Make sure that the original installation was digitally signed.
Add a digital signature to the patch, using the same certificate that was used to sign
the original installation.
When the patch is applied, the Windows Vista or later operating system performs the
elevation for the application. This means that a standard user can run the update, and
does not have to provide administrator authorization to run the application.
Digital signature methods
The file signing tool that is used to digitally sign a file depends on the type of your digital
certificate:
Public/private key pair files
This method requires a credentials file (.SPC or .CER) and a private key file (.PVK).
This method is supported by the signcode.exe tool. For details, search for
"Signcode" in the MSDN Library (msdn.microsoft.com/library/).
Personal Information Exchange file
This method requires a Personal Information Exchange file (.PFX), which is a
container file for the public/private key information. This method is supported by
the signtool.exe tool. For details, search for "Signtool" in the MSDN Library
(msdn.microsoft.com/library/).
Requirements
You must have a valid code signing certificate, which you can obtain from a
commercial certificate authority such as Verisign. For a list of certificate authorities,
search for "Microsoft Root Certificate Program Members" in the MSDN Library
(msdn.microsoft.com/library/).
You must have the signtool.exe or signcode.exe tool on your computer.
Signtool.exe requires the CAPICOM 2.0 redistributable to be installed and registered
on your computer. CAPICOM provides services for digitally signing applications, and
is available from the Microsoft Web site.
The location of signtool.exe or signcode.exe must be specified on the Digital
Signature tab in Wise Options in Windows Installer Editor, or they must be available
on the system path.
For more information, search for "User Account Control (UAC) Patching" in the MSDN
Library (msdn.microsoft.com/library).
Wise Package Studio Tools
135
Advertisement
Table of Contents
Need help?
Do you have a question about the WISE PACKAGE STUDIO 8.0 - REFERENCE V1.0 and is the answer not in the manual?