What is a Code Signing Certificate?
Buy Code Signing Certificates
What is a Code Signing Certificate?
Code signing certificates are digital certificates that contain information that fully identifies an entity and are issued by a Certificate Authority such as GlobalSign. The digital certificate binds the identity of an organization to a public key that is mathematically related to a private key pair. The use of private and public key systems is called Public Key Infrastructure (PKI). The developer signs code with its private key and the end user uses the developer’s public key to verify the developer's identity.
Signing Code with a Code Signing Certificate
The digital certificate is marked for the specific use of digitally signed code, in PKI this is referred to as Key Usage. Below is an example of a GlobalSign digital certificate marked for code signing.
When a digital signature is applied, a timestamp is also recorded. This timestamping feature acts to ensure the signed code remains valid even after the digital certificate expires. Unless you’re adding additional code or making changes to the code, a new signature does not need to be applied (even if the digital certificate used to initially sign the code expires).
Code Signing helps prove...
Content Source
Code signing identifies that the software or application is coming from a specific source (a developer or signer). When software is downloaded from the internet, browsers will exhibit a warning message stating the possible dangers of downloading data. Code signing removes security warnings and identifies the Publisher’s name (ie. organization name).
Content Integrity
Code signing ensures that a piece of code has not been altered and determines whether code is trustworthy for a specific purpose. If the application/ software code is tampered with or altered after digitally signing, the signature will appear invalid and untrusted. Signing code is beneficial for users downloading applications and beneficial for developers. Users are assured who they are downloading software from and can decide whether or not to trust the source. Developers can mark their “brand” and protect their software from unwanted changes.
Shop Now - Start Protecting Your Code Today!
Shop Code Signing Certificates
Organization Validation (OV)
Provides verification of the publishers identity ensuring the software comes from a legitimate source, protecting against unauthorized code distribution.
Displays publishers name in the operating system providing reassurance of the software's code.
Supports timestamping which ensures long-term validation of your code and maintains trust in the software overtime.
Extended Validation (EV)
Offer the highest level of security and undergoes a rigorous validation process, ensuring the highest level of trust.
Displays the software publisher name and other visual indicators during the installation process, reducing installation warnings or security prompts.
Supports timestamping which ensures long-term validation of your code and maintains trust in the software overtime.