Valid values: | |
Default value: | |
Description:
Specifies whether the uninstaller program (unins???.exe) should be deployed with a digital signature attached. When the uninstaller has a valid digital signature, users will not see an "unknown publisher" warning when launching it.
When set to yes, any temporary self-copies used by Setup are digitally signed too.
If the SignTool directive is set, the file will be signed automatically on the fly. Otherwise:
- The first time you compile a script with SignedUninstaller set to yes, a uniquely-named non-temporary copy of the uninstaller EXE file will be created in the directory specified by the SignedUninstallerDir directive (which defaults to the output directory).
- You will then be prompted to attach a digital signature to this file using an external code-signing tool (such as Microsoft's signtool.exe).
- On subsequent compiles, the signature from the file will be embedded into the compiled installations' uninstallers, without prompting you.
- If you delete the file, you will be prompted again if necessary on the next compile.
- Upgrading to a newer version of Inno Setup, or changing certain [Setup] section directives that affect the contents of the uninstaller EXE file (such as SetupIconFile and VersionInfo directives), will cause a new file to be created under a different name.
When the uninstaller has a digital signature, Setup will write the messages from the active language into a separate file (unins???.msg). It cannot embed the messages into the EXE file because doing so would invalidate the digital signature.
Details on obtaining signing certificates and using code-signing tools are beyond the scope of this documentation.