INFO: Digital Signature Support in Windows Installer 2.0

Article translations Article translations
Article ID: 304111
This article was previously published under Q304111
Expand all | Collapse all

Summary

Version 2.0 of Windows Installer supports use of digital signatures to detect corrupted resources during an installation. The digital signatures can be used with Windows Installer packages, transforms, patches, merge modules, and external cabinet files.

More information

Digital signature support allows a package author or administrator to be sure that the proper files are used during an installation and that those files are not corrupted. It does not provide the ability for a package to automatically be run with elevated permissions. For additional information on how to run an .msi package with elevated permissions, click the article number below to view the article in the Microsoft Knowledge Base:
259459 HOWTO: Allow Users Who Are Not Administrators to Install MSI Packages
Windows Installer 2.0 can only verify the digital signatures of cabinet files that are external to the .msi file. The verification of the digital signatures is accomplished through the use of the MsiDigitalSignature and MsiDigitalCertificate tables. There is no need to sign internal cabinet files because they are considered part of the .msi file. By signing the MSI file, you have signed any internal cabinet files and binary streams.

If an administrative installation is run, the digital signature is removed from the .msi package. In this case, the administrator can re-sign the .msi package on the network share.

Applying a patch to an administrative installation also removes the digital signature. The administrator can resign the .msi package in this scenario as well.

References

Windows Installer SDK Help, which is available from the following Microsoft Web site:
Windows SDK Components for Windows Installer Developers

Properties

Article ID: 304111 - Last Review: July 20, 2012 - Revision: 2.0
Keywords: 
kbDSupport kbinfo kbmsifaq KB304111
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com