Inno Setup Signature Tool

Inno Setup includes a command-line tool, ISSigTool.exe. This tool is designed to sign files using ECDSA P-256 cryptographic signatures.

Note: ISSigTool.exe does not replace Microsoft's signtool.exe in any way and is in fact not related to Authenticode Code Signing at all. If you are looking for more information about this topic see SignTool instead.

Command line usage is as follows:

issigtool [options] <command> <arguments>

Available commands:

sign <file names>	Signs each specified file. Requires a private key.
verify <file names>	Verifies the signature of each specified file against the key.
export-public-key <file name>	Exports the public key used in the signing process to the specified file.
generate-private-key	Generates a new private key for signing operations.

Valid options are:

--key-file=<filename>	Specifies the private key filename required for signing. This option overrides the `ISSIGTOOL_KEY_FILE` environment variable which can also be used.
--quiet, -q	Suppresses status messages that are normally printed to standard output.
--help, -?	Prints usage information.

Examples:

issigtool --key-file=MyKey.isprivatekey generate-private-key
issigtool --key-file=MyKey.isprivatekey sign MyProg.dll
issigtool --key-file=MyKey.isprivatekey export-public-key MyKey.ispublickey
issigtool --key-file=MyKey.ispublickey verify MyProg.dll

Exit codes:

0	Success
1	A signature verification failed
2	Command line parameters were invalid or a fatal error occurred

Notes:

Filenames that include spaces must be enclosed in quotes.
Ensure the private key file is secure, as its compromise can affect the validity of your signatures.