如何编码签名.MSI文件 [英] How to Code sign .MSI file

问题描述

您好，



我使用VC ++在MFC中创建了一个应用程序，并使用visual studio 2010部署项目创建了设置。它创建.exe和.msi文件。

我已经购买了数字代码签名证书并签署了setup.exe文件。



什么是我的scenrio是.msi文件已打开我的服务器位置，我已使用.msi URL设置部署项目的安装URL属性。



现在我的问题是当我运行setup.exe时文件下载.msi文件并安装它。但在安装之前，它会显示弹出窗口，并显示以下消息：



发布者未经过验证。是否确定要运行此软件？



名称：myapplication.msi

发布者：未知发布者





所以有人可以帮我设置出版商吗？我已经购买了代码签名数字证书。但不知道如何签署.msi文件。请帮帮我。





提前致谢。

Hello,

I have created one application in MFC with VC++ and created setup using visual studio 2010 deployment project. It create the .exe and .msi file.
I have purchased the digital code sign certificate and sign the setup.exe file.

What is my scenrio is .msi file is on my server location and I have set the "Install URL" property of deployment project with .msi URL.

Now what is my issue is when I run the setup.exe file it download the .msi file and going to install it. but before install it show the popup with following message :

"The publisher cound not be verified. Are oyu sure you want to run this software? "

Name : myapplication.msi
Publisher : Unknown publisher


so can anybody help me how to set publisher? I have purchaed the code sign digital certificate. but not sure how to sign .msi file with that. please help me on this.


Thanks in advance.

推荐答案

没有人可以帮助您设置可以验证的发布者，除非您向某个证书颁发机构发送信息： http://en.wikipedia.org / wiki / Certificate_authority [ ^ ]。



这会花钱。



最有可能的是，你使用了自签名证书。如果某个知道您的人（例如，您的开发团队成员）使用它并且谁独立地接收了公钥或公钥令牌，那么这很好。然后你有一个可靠的方法来确认MSI是由你而不是某个恶意艺术家签名的，因为只有你拥有你在创建证书时获得的私钥。这是整个想法。



如果MSI的用户是常规用户，则不是这种情况。对于这样的人，你和一些可能欺骗你网站的恶意艺术家（例如）同样可能是原创作者。出于这个原因，已经创建了证书链系统。



参见：

http://en.wikipedia.org/wiki/Self-signed_certificate [ ^ ]，

http://en.wikipedia.org/wiki/Identity_certificate [ ^ ]，

http://en.wikipedia.org/wiki/Public- key_cryptography [ ^ ]。

-SA

Nobody can help you to set a publisher which can be verified unless you address to some certificate authority: http://en.wikipedia.org/wiki/Certificate_authority[^].

This will cost money though.

Most likely, you used self-signed certificate. This is fine if it is used by some person who knows you (for example, a member of your development team) and who received a public key or public key token independently from you. Then you have a reliable way to confirm that the MSI is signed by you and not by some malicious artist, because only you posses the private key you obtained while creating the certificate. This is the whole idea.

This is not the case if the user of MSI is the regular uses. For such person, both you and some malicious artist who could spoof you Web site (for example) could equally be an original author. For that reason, the system of certificate chains has been created.

See also:
http://en.wikipedia.org/wiki/Self-signed_certificate[^],
http://en.wikipedia.org/wiki/Identity_certificate[^],
http://en.wikipedia.org/wiki/Public-key_cryptography[^].

—SA

这篇关于如何编码签名.MSI文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！