A code signing certificate allows you to affix a digital signature to a script or executable, proving to end-users that your software is safe to download and install. When a user’s computer receives the signed file, it can check the authenticity of the signature to ensure it knows who signed it and whether the final product has been tampered with.
One of the key benefits of code signing is that it reduces security warnings for your users, making it easier and faster for users to install your software.
A lot of people compare code signing to the shrink wrap that used to cover physical software when purchased from a retail store. That shrink wrap lets you know whether the software has been tampered with. Code signing is similar. It helps assure your customers the software hasn’t been tampered with, asserting the software’s integrity and the developer’s identity.
Do you see this browser warning? This is the mark of death for any piece of software. People trust their browsers to keep them safe, so when they get a warning about the lack of identity of a publisher or a lack of integrity for the program—they listen. Code Signing is the only surefire way to avoid these kinds of warnings.
Digitally sign your scripts and executables to assert publisher identity and ensure file integrity.
The Sectigo Code Signing certificate is one of the most trusted digital signing certificates in use today by software developers and engineers.
How does Code Signing work?
A digital signature is really just a string of letters and numbers that can be affixed to a file or program. When the signature is added, the program and the signature are both hashed and that hash value, along with the signed program, are then made available for download.
When a customer decides to download the software, their browser will take a look at the digital signature and authenticate it; once this is done, the browser will perform the same hash function and compare the value to the one that came with the program. If the two values match, the file hasn’t been tampered with.
This can be determined with confidence because of the way hashing works. Hashing is the practice of mapping data of any length to a fixed-length output. For instance, SHA-256 is the standard hashing algorithm used in SSL/TLS. SHA-256 outputs hashes that are 256 bits long, this is usually represented by a 64 character hexadecimal string. No two pieces of data can ever produce the same hash value. If they do, this is called a collision and it renders the entire hashing algorithm worthless.
Customers need two things before downloading your software
Before anyone downloads your software, they need two assurances:
- They need to know the software was developed by a reputable party
- They need to know the software hasn’t been altered or tampered with
Only a Code Signing certificate can accomplish this. By adding your digital signature to your script or executable, you’re proving both your identity and monitoring the file for compromise. These assurances are the difference between converting and missing out on a download.
What Platforms can I Sign On?
Sectigo Code Signing certificates are compatible with a wide range of major file types:
- Adobe AIR
- Apple applications and plug-ins
- Mozilla Objects
- Microsoft Authenticode
- Microsoft VBA
- Java
- MS Office Macros
There are no reviews yet.