If you want them to trust your setup, you may have to sign it...

by Michael S. Kaplan, published on 2013/02/06 07:01 -05:00, original URI: http://blogs.msdn.com/b/michkap/archive/2013/02/06/10391423.aspx

I got mail yesterday from John Hudson and Christopher Hooker about the Microsoft Keyboard Layout Creator and Windows 8:

I have noticed that the installer programs for the
Biblical Hebrew keyboards are causing problems in
Windows 8. They still work, but  one must go through
some rather dire security warnings to complete the
installation, including one place where the option to
proceed is hidden. To make this a bit easier, do you
have a way of signing the app that would remove

I so love it when they put the answer and embed it in the question that way! :-)

Anyone can sign the binaries used in a setup program -- in this case the three that can be signed are:

  1. The setup.exe bootstrapper
  2. The Windows Installer MSI file
  3. The keyboard DLLs

But MSKLC itself does not get in the signing business -- that's between you and your code signing authority (Verisign, maybe?).

If you want the setup to have a security warning that prominently displays your company name, you can sign the files!

It just tells people where the package is coming from, and if they trust you they'll accept it. :-)


PKI on 7 Feb 2013 5:11 AM:

They don't have to trust me but the many certificate authorities from the Microsoft Root Certificate program. Like in the past: Diginotar, T├╝rktrust, Comodo, Microsoft...

Joshua on 9 Feb 2013 2:24 PM:

What the freak is T├╝rktrust doing in there? Like we trust the increasing fundamentalist Arab nations to not take advantage of this to attack us.

go to newer or older post, or back to index or month or day