I have an application that will initially be downloaded and installed by the user.
To update the application, the application itself will:
- Check if a new version exists
- If so, download the new version (a setup.exe file created by InstallShield LE bundled with VS2010)
- Application then starts a new System.Diagnostics.Process to install the new software (currently running software is shut down, uninstalled and new version installed by InstallShield)
I want to be able to be sure that the exe is trusted to protect against any web service hack.
What is the best way to achieve this? I need the verification to happen within my C# .NET WPF application.
You need to buy an Authenticode code signing certificate from a trusted authority (we used GoDaddy, but there’s loads of others out there), and use it to sign all executables in your installer (as a post-build task with signtool.exe) (see here for details) and the InstallShield-generated installer when you build your setup package. When your update process downloads the new installer package, you might choose to check that the signature is trusted at that point prior to deploying it.