Inno Setup Signature Tool

Inno Setup includes a command-line utility, ISSigTool.exe. This utility is designed to sign files using ECDSA P-256 cryptographic signatures.

Command line usage is as follows:

issigtool [options] <command> <arguments>

Available commands:

sign <file names>	Signs each specified file. Requires a private key.
verify <file names>	Verifies the signature of each specified file against the key.
export-public-key <file name>	Exports the public key used in the signing process to the specified file.
generate-private-key	Generates a new private key for signing operations.

Valid options are:

--key-file=<filename>	Specifies the private key filename required for signing. This option overrides the `ISSIGTOOL_KEY_FILE` environment variable which can also be used.
--allow-overwrite, -o	Allow to overwrite existing files.
--quiet, -q	Suppresses status messages that are normally printed to standard output.
--help, -?	Prints usage information.

Examples:

issigtool --key-file="MyKey.isprivatekey" generate-private-key
issigtool --key-file="MyKey.isprivatekey" sign "MyProg.dll"
issigtool --key-file="MyKey.isprivatekey" export-public-key "MyKey.ispublickey"
issigtool --key-file="MyKey.ispublickey" verify "MyProg.dll"

Exit codes:

0	Success
1	A signature verification failed
2	Command line parameters were invalid or a fatal error occurred

Notes:

Filenames that include spaces must be enclosed in quotes.
Ensure the private key file is secure, as its compromise can affect the validity of your signatures.