Archive: CustomerData append and Authenticode


CustomerData append and Authenticode
So I was excited that I was able to append a string to an EXE on download, and read that string back in on install. But now I've discovered that appending data seems to invalidate Authenticode signing. Does anyone know how to pass data on the fly to the downloaded EXE from a web session and not break the signing of the binary?

Thanks!


Part of Authenticode's purpose is to keep the file unmodified, so there shouldn't be any magic trick that'd allow you to modify the file regardless, unless you're willing to both modify and sign the file for every customer. It seems like you'll have to find another trick. You can consider having the installer itself get this data using one of the HTTP plug-ins.


Agreed. Though it would be really nice for the Authenticode system to allow for some sort of DMZ or unsigned sandbox through which to safely move data while maintaining the sanctity of the signing.

You know, like appending data to an NSIS EXE after EOF and not messing up NSIS's CRC ;-)
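Added example, not part of the original thread: a check for the situation discussed above. The PE security data directory records the file offset and size of the Authenticode certificate table, so a build or download pipeline can report how many bytes sit after the signature blob. The function names, the fake certificate bytes and the header-only sample image are constructed for illustration.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: (file offset, size) of the certificate table

def cert_table_layout(pe: bytes):
    """Return (offset, size, trailing_bytes) for the certificate table, or None if unsigned."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # Data directories start 96 bytes into a PE32 optional header, 112 into PE32+.
    dirs = opt + (96 if magic == 0x10B else 112)
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return None
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    if offset == 0 or size == 0:
        return None  # no certificate table: the file is not signed
    end = offset + size
    if end > len(pe):
        raise ValueError("certificate table runs past end of file")
    return offset, size, len(pe) - end  # trailing > 0 means data follows the signature

def build_sample(cert: bytes, appended: bytes = b"") -> bytes:
    """Constructed header-only PE32 image (not loadable) with a placeholder certificate blob."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    cert_offset = e_lfanew + 4 + len(coff) + len(opt)
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, cert_offset, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert + appended

if __name__ == "__main__":
    print(cert_table_layout(build_sample(b"C" * 16)))
    print(cert_table_layout(build_sample(b"C" * 16, b"CustomerData=42")))
```

A non-zero third value means bytes were added after the certificate table, which is the condition the first post ran into when the signature stopped validating.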