How to Digitally Sign Installer and Uninstaller with Inno Setup

It is important to digitally sign the installer and uninstaller of your software, but also the .tmp file executed by the installer and uninstaller. Else it may be blocked by OSArmor and other security programs that block the execution of unsigned processes.

If you use Inno Setup to create the installer of your software you can follow these steps to digitally sign the installer, uninstaller (i.e unins000.exe) and also the .tmp file executed by the installer and uninstaller during installation or uninstallation:

1) Open Inno Setup

2) Click on Tools -> Configure Sign Tools…

3) Click on Add and assign it a name like: sha256

4) On the “Command of the Sign Tool” use something like this:

cmd.exe /c cd "C:\Program Files (x86)\Windows Kits\8.1\bin\x64" &signtool.exe sign /sha1 YOURSHA1CODESIGNHASH /fd sha256 /tr TIMESTAMPURL /td sha256 /as /v $f


5) Click on “OK” to save the settings

6) On the program .iss setup file on [Setup] section add:


7) Now compile the .iss file

It should ask you two times the password for the code sign USB token.

So also the .tmp setup file will be digitally signed.