Digital signature problem: Error 1330 / 266 on disk1.cab

[jwest]

A user of mine is having a problem installing my software.

He gets the following error when he tries to install:

Product: MyProgram -- Error 1330: Cabinet file c:\users\username\AppData\Roaming\MyCompany\MyProgram\install\disk1.cab has an invalid digital signature. Error 266 was returned by WinVerifyTrust.

My user's helpdesk had this to say:

"During the install the cab file gets extracted from the original executable installer file. This particular file (the .cab) does not have a valid certificate. (But the original executable installer file does)"

I'm running Advanced Installer 11.8.

I have the "Enable signing" option checked on the digital signature tab of Advanced Installer 11.8. I'm using a certificate from disk (a pfx file that is valid until 2018).

I did not check use SHA256 as digest algorithm.

At the bottom of the Digital Signature tab I have the following information showing which files will be signed:

Code: Select all

Files configured for signing

Output files of default build:

MyProgram-Signed.exe
MyProgram-Signed.msi
MyProgram-Signed.cab

Files from project

APPDIR\MyProgram.dll

There is no mention of disk1.cab getting signed.

The Installer's .exe appears to be correctly signed.

Does anyone know why disk1.cab is not being signed properly (or why it fails the digital signature test when the Windows Installer tries to extract the cab from the installer executable)?

Thanks.

[Dan]

Hello,

There are several reasons why you may get this error:

• When the target machine has no internet connection and Windows Installer fails to verify online the digital signature. Since Windows installation is unable to contact the certificate provider that can verify the installer’s security certificate, it will prompt with that error during installation.
• When is not be possible to compute the digital signature. This usually happens when you are using a SHA256 certificate or a SHA256 signature algorithm as a digest algorithm at signing time. Setup packages signed with a SHA256 certificate or digest algorithm will not have their digital signature recognized on XP and Vista operating systems. There is an official Windows issue regarding the computation failure of SHA256 certificates on Vista operating systems. So, if your setup package still targets Windows XP and Windows Vista operating systems it is recommended to disable the option "Sign only for modern operating system (Windows 7 or newer)"from Digital Signature Page.
• When the CAB file has a large size. On Windows XP and Windows Server 2003 there is an operating system bug which consists in the operating system inability to compute the digital signature of the large installation files. So, if your setup package still targets Windows XP and Windows Server 2003 operating systems, as a workaround you can package your installation files into multiple CAB files of a smaller size (e.g. 64 MB) by using our Multiple volumes option.

Let us know if that helped.

Best regards,
Dan

[jwest]

I updated to AI 12.7 and installed the Win 8.1 SDK to get the latest signtool and it seems to have worked.

[Dan]

Hello,

I'm glad you got this working.
Should there be any difficulty you encounter implementing something, please do not hesitate to contact me and I will gladly assist.

Best regards,
Dan