Inno Setup Signature Tool

Inno Setup includes a command-line utility, ISSigTool.exe. This utility is designed to sign files using ECDSA P-256 cryptographic signatures.

Command line usage is as follows:

issigtool [options] <command> <arguments>

Available commands:

sign <file names> Signs each specified file. Requires a private key.
verify <file names> Verifies the signature of each specified file against the key.
export-public-key <file name> Exports the public key used in the signing process to the specified file.
generate-private-key Generates a new private key for signing operations.

Valid options are:

--key-file=<filename> Specifies the private key filename required for signing. This option overrides the ISSIGTOOL_KEY_FILE environment variable which can also be used.
--allow-overwrite, -o Allow to overwrite existing files.
--quiet, -q Suppresses status messages that are normally printed to standard output.
--help, -? Prints usage information.

Examples:

issigtool --key-file="MyKey.isprivatekey" generate-private-key
issigtool --key-file="MyKey.isprivatekey" sign "MyProg.dll"
issigtool --key-file="MyKey.isprivatekey" export-public-key "MyKey.ispublickey"
issigtool --key-file="MyKey.ispublickey" verify "MyProg.dll"

Exit codes:

0 Success
1 A signature verification failed
2 Command line parameters were invalid or a fatal error occurred

Notes: