I have created the setup of a Windows Forms application. After installing this setup in Windows 7, it displays something like this:
Name: my application.exe
Pu
You need to digitally sign the output code. I can start you off with the article Signing and Checking Code with Authenticode.
The whole purpose of this is to guarantee your code has not been tampered with. If you purchase a code signing certificate from one of the certificate authorities, you can prevent the "do you trust this" window from appearing at all.
It's not a simple task to set up, but it can be performed with a script once it's up and going.
You won't find a simple, quick-fix answer.
Here's a cut and paste of the most relevant sections. You may need to read further to get exactly what you want.
Use the MakeCert test program to generate a test X.509 certificate. MakeCert performs the following tasks:
The following is an example that creates a certificate using the Microsoft Internet Explorer 3.02 UPD options:
MakeCert -k:c:\KeyStore\MyKey.pvk -n:CN=MySoftwareCompany Cert.cer
In this example, a certificate file called Cert.cer is created. The public part of the key pair called MyKey is bound to the publisher, MySoftwareCompany.
After you have generated a certificate, you can create an software publishing certificate with the Cert2SPC program. This program wraps multiple X.509 certificates into a PKCS #7 signed-data object. Note that this program is for test purposes only. A valid software publishing certificate is obtained from a certificate authority. Here is an example:
Cert2SPC MyCert.cer MyCert.spc
This wraps an X.509 certificate, MyCert.cer into a PKCS #7 software publishing certificate called MyCert.spc.
The final step is to actually sign a file using the SignCode program. This program will:
Once the file has been signed (assuming you have a valid certificate) and time stamped, the file can be distributed to your customers. Note that certificates generated with the test programs MakeCert and Cert2SPC are NOT valid for signing code that will be distributed to the public. Independent software vendors must obtain a certificate from GTE, VeriSign Inc., or another certification authority for signing code that will be distributed to the public.
Here are two examples of how to sign and time stamp a file using the Microsoft Internet Explorer 3.02 UPD options. The first uses a private-key name MyKey and the second uses a private-key file My.pvk:
SignCode -prog MyControl.exe -spc Cert.spc -pvk MyKey -timeStamper http://timestamp.verisign.com/scripts/timstamp.dll
SignCode -prog MyControl.exe -spc Cert.spc -pvk My.pvk -timeStamper http://timestamp.verisign.com/scripts/timstamp.dll
Note In the URL above, timstamp.dll is correct. This is not a typographical error.
In both cases a PKCS #7 object, Cert.spc, is embedded into the digest of the file, MyControl.exe. In the first example, the digest is signed with the private key of the MyKey key pair, and a time stamp is added. In the second example, the digest is signed with the private-key file My.pvk, and a time stamp is added.