I am attempting to automate our code signing process in Inno Setup. Unfortunately we have a fairly strict protocol on the .pfx and password distribution, and only one person on the project can have access to it.
This would not be a problem in itself if all of the installs were compiled on that persons machine. SignTool could be set up in the IDE and, the password would remain secure on the users PC. However, we use a shared machine to compile our builds, so we cannot set the SignTool up as we cant leave that password so readily accessible. There are various reasons for this and cannot be altered.
What I would like to do is have Inno pop up an "Enter .pfx Password" dialogue after the compile is complete.
At current, my thinking is either to get Inno setup to request authentication, which I do not know how to do, or to write a small script which compiles the setup, and signs it outside of Inno setup. The later I could do relatively easily, but due to the nature of our workflow, it would be better all round if Inno setup could be harnessed for this.
Can anybody help me in getting Inno Setup to request a SignTool password for the .pfx file?
signwizard
command, that will launch signing wizard which will prompt for password if needed. But consider what would all of you do when you compile the script by yourself. Would you call the boss for entering the password ? I would be for the latter idea you've mentioned and let the members of your team compile the unsigned installer and once you'll be done, let the boss sign it (from outside the InnoSetup). – TLama