2. NSIS Discussion
  3. Installation file signature

Archive: Installation file signature


klaabu
12th May 2003 09:47 UTC

Installation file signature
Hi all the NSIS developers!

I have a question regarding installation exe-file and adding a signature to it. The point is that I added a feature to my product which allows it to upgrade itself. It's done in a simple way - it just finds the file on the network, downloads and executes it with silent option (/S) and the installation script with some help from accompanying dll knows what to do. It works as I want it to work but the only thing I want to add to it is a small signature somewhere which confirms that it is really the correct file and correct version. What's the best way to do it? I was thinking about just adding the signature as a file to the project and then the application could extract (the same way as the exe header is doing it) it itself after downloading and then check it to be sure that it it's not a random file being executed.
Has anyone done it or can anyone maybe even give some hints how to do it in a better/easier way?
Thanks in advance!
/Allan

P.S. My best wishes to the developers of the NSIS! It's a great piece of software and I never want to use InstallShield again.

Yathosho
12th May 2003 12:29 UTC

i bet md5 is documented out well enough to implement it in any way :)

klaabu
12th May 2003 12:49 UTC

Thanks for the hint. MD5 is my old friend. I just hoped that there is an easier way to do the check or even some readymade contributional utility.

kichik
12th May 2003 12:55 UTC

Hi klaabu, welcome to the forum!

MD5 is a good idea indeed. You can use this plug-in to get the signature of the downloaded file and this program to get MD5 hash on your computer. You'd probably want to get a command line MD5 version and add this few lines to your script to automate the process:

!system "echo !define MD5hash \ > md5.nsh" = 0
!system "md5 mydl.dat >> md5.nsh" = 0
!include md5.nsh
# ${MD5hash} now contains the requested MD5 hash


P.S. My best wishes to the developers of the NSIS! It's a great piece of software and I never want to use InstallShield again.
Thanks :D

Fork me on GitHub