是否可以使用sha1和sha256证书对安装程序和卸载程序进行双重签名? [英] Is it possible to dual-sign installer and uninstaller with sha1 and sha256 certificates?

问题描述

在Inno Setup中是否可以同时使用sha1和sha256对卸载程序和安装程序进行签名?

Is it possible in Inno Setup to sign the Uninstaller and Installer with sha1 and sha256 at the same time?

我知道这是可以通过命令工具使用两个证书对可执行文件进行签名，但想知道是否在Inno中使用SignTool可以实现.

I know that it is possible to sign the Executable with both certs via command tool, but want to know if this is possible to achieve with SignTool in Inno.

推荐答案

自动应答...

是的，这是可能的.按照@Wosi的建议，您可以编写一个批处理，然后在添加了$f参数的情况下调用它.

Yes, this is possible. As @Wosi suggested you can write a batch and then call it with $f parameter added.

样本批次(signtool.bat):

Sample batch (signtool.bat):

@echo off

"PATH_TO_SIGNTOOL\signtool.exe" sign /v /du "COMPANY_NAME" /fd sha1 /t "http://timestamp.verisign.com/scripts/timstamp.dll" /f "sha1_cert.pfx" /p PASSWORD %1

set SIGN_RESULT_1=%ERRORLEVEL%

"PATH_TO_SIGNTOOL\signtool.exe" sign /as /v /du "COMPANY_NAME" /fd sha256 /tr "http://timestamp.comodoca.com/rfc3161" /td sha256 /f "sha256_cert.pfx" /p PASSWORD %1

set SIGN_RESULT_2=%ERRORLEVEL%

set /a RESULT=%SIGN_RESULT_1%+%SIGN_RESULT_2%

if %RESULT% NEQ 0 (
   echo Warning! Signing failed with %SIGN_RESULT_1% for sh1 and %SIGN_RESULT_2% for sha256
   pause
   exit /B %RESULT%
) 

echo Signing succeeded
exit /B 0

然后在Inno Setup中，您可以调用signtool.bat $f，其中$f将传递给%1以进行批处理.

Then in Inno Setup you can call signtool.bat $f where $f will be passed to %1 for the batch.

对于Windows XP与 sha1 的兼容性:删除了/as，用/t替换了/tr，删除了/td(因为它需要/tr)

For Windows XP compatibility for sha1: removed /as, /tr replaced with /t, removed /td (as it requires /tr)

我会把它留在这里，也许有人会觉得有用.

I will leave it here as maybe someone could find it helpful.

这篇关于是否可以使用sha1和sha256证书对安装程序和卸载程序进行双重签名?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！