[Setup]: SignedUninstaller

Valid values:

Default value:

yes if a SignTool is set, no otherwise
Description:

Specifies whether the uninstaller program (unins???.exe) should be deployed with a digital signature attached. When the uninstaller has a valid digital signature, users will not see an "unknown publisher" warning when launching it.

The first time you compile a script with this directive set to yes, a uniquely-named copy of the uninstaller EXE file will be created in the directory specified by the SignedUninstallerDir directive (which defaults to the output directory). Depending on the SignTool setting, you will either then be prompted to attach a digital signature to this file using an external code-signing tool (such as Microsoft's signtool.exe) or the file will be automatically signed on the fly. On subsequent compiles, the signature from the file will be embedded into the compiled installations' uninstallers.

Upgrading to a newer version of Inno Setup, or changing certain [Setup] section directives that affect the contents of the uninstaller EXE file (such as SetupIconFile and VersionInfo directives), will cause a new file to be created under a different name.

If a file generated by this directive is deleted, it will be recreated automatically if necessary on the next compile.

When the uninstaller has a digital signature, Setup will write the messages from the active language into a separate file (unins???.msg). It cannot embed the messages into the EXE file because doing so would invalidate the digital signature.

When set to yes, any temporary self-copies used by Setup are digitally signed too.

Details on obtaining signing certificates and using code-signing tools are beyond the scope of this documentation.