Digital Signatures and Integrity Check

whittakerdon · 3rd April 2014, 15:16

Hi All,

I have someone downloading an NSIS installed application and keeps getting errors regarding integrity checks. I am hypothesizing that this may be a result of my digital signature which adds 8kbs to the filesize. Does anyone know if the digital signature is added to the integrity check file size or not. If not, can you advise me on how to accommodate the signature in the integrity check?

Much Obliged,
Don

Anders · 3rd April 2014, 20:54

Who adds this signature? NSIS does not care about extra data appended to the end of the .exe unless you recompile makensis with a special setting.

If the creator of the setup adds this signature then I assume that they tested the installer and that it works correctly...

Theresias · 13th April 2014, 07:20

Check which virus scanner they are using. We are seeing issues like that with some like Trend Micro, especially the Enterprise versions mess up downloaded files if they find something suspicious during the download. There is no notice to the end user, TM just "disinfects" the file which then results in the above issues.

Another approach, make them download a ZIP which contains the installer and see if that works fine. Thats our workaround for such cases and it appears to be an easy fix since TM themselves is unable/unwilling to fix the issues on their end.

Background; TM seems to be not willing to change their heuristics but instead are whitelisting files. That works for a while once their update is pushed and unless you aren't updating your application.

3rd April 2014, 15:16	#1
whittakerdon Junior Member Join Date: Apr 2014 Posts: 1	Digital Signatures and Integrity Check Hi All, I have someone downloading an NSIS installed application and keeps getting errors regarding integrity checks. I am hypothesizing that this may be a result of my digital signature which adds 8kbs to the filesize. Does anyone know if the digital signature is added to the integrity check file size or not. If not, can you advise me on how to accommodate the signature in the integrity check? Much Obliged, Don

3rd April 2014, 20:54	#2
Anders Moderator Join Date: Jun 2002 Location: ${NSISDIR} Posts: 5,355	Who adds this signature? NSIS does not care about extra data appended to the end of the .exe unless you recompile makensis with a special setting. If the creator of the setup adds this signature then I assume that they tested the installer and that it works correctly... IntOp $PostCount $PostCount + 1

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

13th April 2014, 07:20	#3
Theresias Junior Member Join Date: Jun 2006 Posts: 48	Check which virus scanner they are using. We are seeing issues like that with some like Trend Micro, especially the Enterprise versions mess up downloaded files if they find something suspicious during the download. There is no notice to the end user, TM just "disinfects" the file which then results in the above issues. Another approach, make them download a ZIP which contains the installer and see if that works fine. Thats our workaround for such cases and it appears to be an easy fix since TM themselves is unable/unwilling to fix the issues on their end. Background; TM seems to be not willing to change their heuristics but instead are whitelisting files. That works for a while once their update is pushed and unless you aren't updating your application.