Authoring a Fully Verified Signed Installation Using Automation
The following sample demonstrates how to populate the MsiDigitalCertificate table and MsiDigitalSignature table by using a Visual Basic for Applications (VBA) subroutine. For more information about securing Windows Installer packages see Guidelines for Authoring Secure Installations.
The FileSignatureInfo method returns a SAFEARRAY of bytes. For more information, see the SAFEARRAY Data Type. The data from this array must be converted to Unicode because Visual Basic does not have a way to write bytes straight into a file. The SetStream method can then use the file of converted data to write stream data into a specified record field of a Record object. Note that conversion of the byte data to Unicode can potentially change the data and that the converted data must match the original data for correct signature verification. The package author must ensure that the original and converted data match.
Sub PopulateDigitalSignature()
Dim Installer As Object
Dim Database As Object
Dim x() As Byte
Const szSignedCabinet = "c:\test.cab"
Const szCertFile = "c:\temp\test.cer"
Const szDatabase = "c:\test.msi"
Set Installer = CreateObject("WindowsInstaller.Installer")
x = Installer.FileSignatureInfo(szSignedCabinet, 0, msiSignatureInfoCertificate)
Dim fs, ts
Dim s As String
Set fs = CreateObject("Scripting.FileSystemObject")
Set ts = fs.CreateTextFile(szCertFile, True) 'Create a file
s = StrConv(x, vbUnicode)
ts.Write s
ts.Close
Set Database = Installer.OpenDatabase(szDatabase, msiOpenDatabaseModeTransact)
Set ViewCert = Database.OpenView("SELECT * FROM `MsiDigitalCertificate`")
ViewCert.Execute 0
Set ViewSig = Database.OpenView("SELECT * FROM `MsiDigitalSignature`")
ViewSig.Execute 0
Set RecordCert = Installer.CreateRecord(2)
RecordCert.StringData(1) = "Test"
RecordCert.SetStream 2, szCertFile
ViewCert.Modify msiViewModifyInsert, RecordCert
Set RecordSig = Installer.CreateRecord(4)
RecordSig.StringData(1) = "Media"
RecordSig.StringData(2) = "1"
RecordSig.StringData(3) = "Test"
ViewSig.Modify msiViewModifyInsert, RecordSig
Database.Commit
fs.DeleteFile(szCertFile)
End Sub