Today I posted an article on how the Bootstrapper does security, specifically how it verifies package file integrity before installing.  I also included the source code for obtaining a file's Hash or PublicKey information.  You can check out the post at:

http://blogs.msdn.com/chrsmith/articles/Bootstrapper_Security.aspx