Ever wondered how users will identify YOUR unique software among a cheap imitations? Code signing is tantamount to virtual shrink wrapping. It essentially ‘seals' your software and validates it as ORIGINAL or TAMPER-PROOF. You—as the originator of that software—are identified as the sole author, generating trust and authenticity in the minds of your buyers. A failure to implement code signing to your software will leave you vulnerable to tampering, duplications and an eventual loss in sales.
How code signing works
Developers and software publishers use code signing certificates to attach a unique digital signature to applets, plug-ins, macros and other executable files before publishing them. Operating systems, software applications, devices, and mobile networks look for a trusted digital signature to authenticate the source of the code and confirm its integrity.
The Enrollment Process
When you apply for a Thawte® Code Signing Certificate, you generate a private/public key pair and submit the public portion to Thawte with documentation to prove your identity. Once Thawte authenticates and verifies the information, we issue a code signing certificate containing your full organizational name and your public key. It can be used to digitally sign code and content during the certificate’s validity period.
Deploying and Trusting Signed Code
- A publisher or developer signs a file using the code signing certificate.
- A digital signature is attached to the file and a hash mark is created.
- The content is published to a web site or mobile network, or otherwise made available.
- A user downloads or encounters the code. The user’s system software or application uses a public key to decrypt the signature.
- The hash used to sign the code is compared to the hash on the downloaded code. A mismatch generates an error, prevents download, or allows it, depending on the platform, application, and client security settings.
Code Signing FAQ
ProductSymantec Code Signing
ProductThawte Code Signing Certificate
ProductComodo Code Signing Certificate