How can we know if you can trust a software you're trying to download from the Internet? How do we know if the software is actually published or not changed by the company you're considering? Of course thanks to the code signing certificates. Code signing ensures the publisher identity and the software integrity.
What is Code Signing?
A Code Signing certificate, is a piece of software that gives developers the ability to digitally sign codes and provides two important benefits:
- It verifies of the publisher identity.
- It ensures of the software integrity.
The only way web browsers can trust your software is the code signing certificate.
Web Browser Filters and Antivirus Programs
Downloading something from the Internet has the potential to become very dangerous. All it takes was needed could be a malicious file and a computer. Because of risk, browsers and antivirus programs look at certain criteria before allowing the user to download anything. Code signing is one of the major factors that control whether malware features should be trusted or not.
When you purchase a Code Signing certificate from a trusted Certification Authority (CA), you can sign your software with a digital signature. The Web browser filter or antivirus program may tell you that when the file is downloaded, the software is signed with a valid Private Key issued by a trusted CA. Because CA had to validate you before issuing the certificate, web browsers or antivirus programs knows it can trust you.
What Happens if I Don't Code Sign My Software?
Anyone who wants to download or install an unsigned executable software (such as an exe file) encounters a warning message. Mostly, users rely on these warning messages. This will adversely affect installation rate of the your software. The only way to overcome these warning messages is to sign your code with a code signing certificate.
How Does Code Signing Work?
When you have finished working on the software you developed and it is time to sign it, you will applied a digital signature using your Code Signing certificate and Private Key. This digital signature is then hashed with the rest of your code. When a user wants to download the software, the operating system performs, web browser or antivirus software a series of checks:
- Check the digital signature and make sure it is links back to a trusted Code Signing certificate.
- The same hash technique applied during signature is applied.
- The current hash is compared to the signed hash. It is determined whether a change has been made since it has a different value in slightest change.
- The user's computer now knows the publisher identity and the software integrity is preserved.
- It will now proceed with the download and show the user the verified publisher of the software.
Do Code Ending Certificates Expire?
Yes, Code Signing certificate can be issued between 1 and 3 years for security reasons. If Code Signing certificates were to stayed good forever, older certificates of software companies that were no longer in operation could be at risk of producing malicious software. So to give an expiration date of the certificate is much safer. When you add a timestamp during signing, the software signed with the digital signature will continue to work forever. A timestamp is because it provides client proof that the software was signed while the certificate was valid. If a software is signed without a timestamp, warning messages will begin to appear again at the expiry date of the digital signature certificate.
Does Code Signing Certificates Work on All Platforms?
Code signing certificates will generally work on most platforms. The most important exception is Apple, iOS and macOS platforms. Apple requires you to purchase a .p15 certificate directly from them. Most other platforms, common platforms code signing is used for include Microsoft Windows, Microsoft Office, Adobe AIR, Java, and Mozilla.
If you want to using digital signatures in your software, you can browse our Code Signing Certifiacates.