Search code examples
nsis

How can I sign the files using NSIS?

How can I sign the files using NSIS?

We changed WIX installer to NSIS.

Earlier in the WIX installer it was used like as shown below in the .xml file to sign the files.

<property name="FileSigningDrive" location="${env.FILE_SIGNING}"/>

        <!--echo message="Signing Setup.exe ....." />
        <exec dir="${FileSigningDrive}\" 
              executable="${FileSigningDrive}\signcode.exe" failonerror="true">
          <arg value='-spc' />
          <arg value='mycredentials.spc' />
          <arg value='-v' />
          <arg value='testkey.pvk' />
          <arg value='-t' />
          <arg value='http://timestamp.verisign.com/scripts/timpstamp.dll' />
          <arg value='"${install}\RootCDDir\setup.exe"'  />
        </exec-->

Similarly, how to sign the files in NSIS?

Solution

  • You can sign the installer by executing a command of your choice with !finalize:

    !finalize 'signcode -t http://example.com/timestamp "%1"' = 0 ; %1 is replaced by the install exe to be signed.

    Signing the uninstaller is a bit annoying and requires you to generate the uninstaller and then signing it.