What is an Inno Setup?Digitally Sign Installer and Uninstaller with Inno Setup

Inno Setup Installer Signing

The integrity and security of your software installation are incredibly crucial. One essential step towards achieving this is digitally signing your installer and uninstaller.

Inno Setup, a widely-used script-driven installation system, offers a seamless solution for developers to incorporate digital signatures into their setup programs.

In this guide, we will learn how to sign your installer and uninstaller using Inno Setup digitally. By following these steps, you can enhance trust, prevent execution blocks, and provide a seamless installation experience for your users.

Get ready to seal your software installation with digital signatures!

What is an Inno Setup?

Inno Setup is a popular and widely used free script-driven installation system for creating Windows installers. It provides an easy-to-use and flexible platform for software developers to package their applications into setup programs that can be easily distributed and installed on Windows operating systems.

Inno Setup offers a powerful scripting language that allows developers to customize various aspects of the installation process, such as creating shortcuts, adding registry entries, installing files, configuring components, and more.

With Inno Setup, developers can create professional-looking installers with support for multiple languages, automatic uninstallation, version checking, file compression, digital code signing, and integration with third-party tools and libraries. It provides a comprehensive set of options and commands for different installation scenarios and requirements.

Inno Setup has gained popularity due to its simplicity, reliability, and extensive documentation. It has a large community of users and developers who actively contribute to its development and provide support through forums and online resources.

Importance of Digital Signing for Software Installers and Uninstallers

Securing the digital signature of your software installer, uninstaller, and associated .tmp files is crucial to prevent potential blocks by security programs like OSArmor. Unsigned processes may face execution restrictions, hindering your software’s smooth installation or uninstallation.

Suppose you are utilizing Inno Setup to create your software installer.

In that case, you can follow these steps to digitally sign the installer, uninstaller (e.g., demo.exe), and the .tmp files executed during installation or uninstallation:

Step 1: To proceed, you have to launch Inno Setup.

Launch Inno Setp Compiler

Step 2: Go to Tools and select “Configure Sign Tools

Configure Sign Tools Inno Setup

Step 3: Click on Add and Assign a name, such as “sha256” or “MS Sign

Configure SignTools

Step 4: In the “Command of the Sign Tool” field, enter a command similar to the following:

"C:\Program Files (x86)\Windows Kits\8.1\bin\x64" & signtool.exe sign /sha1 YOURCODESIGNINGHASH /fd sha256 /tr TIMESTAMPURL /td sha256 /as /v $f

QUICK NOTE: Replace YOURCODESIGNINGHASH and TIMESTAMPURL with the appropriate values.

Step 5: Save the settings by clicking “OK

Step 6: In the [Setup] section of your .iss setup file, add SignTool=sha256

Step 7: Compile the .iss file.

During the compilation process, you will be prompted twice to enter the password for the code sign USB token.

By following these steps, your software installer, uninstaller, and the associated .tmp files will be digitally signed, ensuring their authenticity and smooth execution.

Result Will be like:

Inno Setup Signed EXE
Best Code Signing Certificates

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.