New Features in R2
InstallShield 2023 R2 Express Edition includes the following new features:
| • | Ability to Configure Custom Signing Solution for Digital Signing |
| • | Ability to Store Token Password for EV Digital Signing |
Ability to Configure Custom Signing Solution for Digital Signing
InstallShield 2023 R2 Express Edition introduces new signing type settings that enable you to select and configure a custom signing solution to digitally sign build-generated files.
These settings are required only if the customer would like to use a custom signing solution instead of the InstallShield Express Edition standard signing solution. Selecting the Custom signing type enables additional fields where a custom signing utility path and arguments can be configured. To configure a custom signing solution, you can use the following new settings available in the Signing tab for a release in the Releases explorer on the Media view:
| • | Signing Type—This setting enables you to specify the method to digitally sign build-generated files. The available options for this setting are: |
| • | Standard—Select this option to use the default InstallShield Express Edition sign tool to digitally sign build-generated files. |
| • | Custom—Select this option to use a customized sign tool to digitally sign build-generated files. Selecting this option enables the Path and Arguments settings. |
| • | Path—Specify the sign tool's location to digitally sign build-generated files by using that sign tool. To specify sign tool's location, click the ellipsis button (...) in this setting. |
| • | Arguments—Specify the command-line argument for a sign tool’s configuration. For example, the command-line argument below can be used if the Microsoft built-in signing tool is configured as a custom option to sign the binaries: |
sign /fd SHA256 /f "<ProgramFilesFolder>\testCA.pfx" /t http://timestamp.digicert.com /p MyPassword [filename]
Note:A custom signing tool path uses <ProgramFilesFolder>\Windows Kits\10\bin\<WinSDKVer>\x86\signtool.exe.
The [filename] variable is a place holder for the full file path to be signed. It resolves to the full path of the binary file to be signed during build time. By default, a file path will be added at the end of an argument and passed to a custom sign tool. Instead of using a hard-coded path, you can use any path variables and environment variables that are defined in your project.
Note:By default, the Signing Type setting is set to Standard.
Ability to Store Token Password for EV Digital Signing
InstallShield 2023 R2 Express Edition now provides an option to encrypt and store an EV token password in a project file. Prior InstallShield Express Edition versions supported EV certificates via the Use a certificate store option. However, when using this option, the user would be asked for the token password each time the file is signed with an EV certificate.
There is also an option called Enable single logon that comes with an EV vendor which would restrict user interventions per session with only one token password request. Configuring the token password in the InstallShield Express Edition signing tab will continue to work until the password expires. The token password can be changed using the the InstallShield Express Edition IDE.
For more information, see the following sections in InstallShield Express Edition product documentation:
| • | Signing Tab |
| • | Digital Signature Tab |
| • | Digitally Sign Setup Dialog Box |