2

Let me explain my dilemma. I have my main software that has an option to install a smaller module of the software by letting a user save its MSI installer and later run it on a remote computer.

That MSI installer is originally digitally signed by my code-signing certificate.

The issue I have is how to pass some minimum data in that MSI that can be generated dynamically from the main app? Stuff like registration name and some minimum software-related parameters that a user chose via the UI.

First I thought to modify the MSI contents dynamically from the app, but that would break the digital signature. (I obviously can't re-sign it since I'm not willing to expose my private key for the digital certificate in that app.)

So at this point, I'm curious, if there's any part of the MSI file that are not affected by the digital signature? I know that file name is not affected, but that won't give me much wiggle room to add my data.

Improve this question

2 Answers 2

Reset to default
2

I'm convinced you can't circumvent a signed file because that would be a huge security issue. What tool are you using to build your MSI? That affects this too.

There are a couple of choices that should work if this is something you can do at install time, however it's not clear exactly what the data is and where you'd have it in the MSI file.

  1. A custom action can collect data and populate existing tables (e.g. Registry) at install time, the result being that the in-memory MSI database makes the changes you need when it installs the product.

  2. Normally you'd create a transform file (a .mst file) and install the MSI with the TRANSFORMS=[mst file] but it's possible that the mst file would need signing to be installed with a signed MSI, but I'm not sure about that. That's an easy test though - use Orca to generate a mst file that changes something in the Property table then install the MSI with TRANSFORMS=..... and see if it disallows the unsigned transform.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You can't modify a single byte inside MSI without breaking the digital signature, because that's exactly the purpose of the signature - to ensure that the content is not modified. Note that it's not specific to MSI, but to any signed file actually.

As an idea, if you don't want to "give" you private key to the customers, you can consider generating the MSI on the server (and keeping the key private key on the server) maybe?

Improve this answer

3 Comments

Well, that exposes it as well. If I provide this server-side signing, someone can just connect to it and sign their file. Kinda the same thing as exposing a private key.
You could use authentication.. means, user must be identified before using the service.
No. That's too complicated. Users will have to register on the server and then log in to it just to install this small feature.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.