Code Signing

Code Signing is used to protect software and its origin. By using Code Signing, a software program (macro, applet, ActiveX component, driver or other executable) will get a digital signature by the developer.

The signature is part of the software program (the software code), which will make it impossible to modify the program. If the code will be changed, the signature is not valid anymore. The signature will give the end user of the software program that the identity of the creator of the software is guaranteed and it also assured that the code is intact and not changed.

The Benefits of Code Signing

  • Build a trusted relationship with your customers
  • Protect your customers against corrupt or modified codes
  • Reduce errors and security warnings

The operation of Code Signing

  1. The software developer will request a Code Signing certificate.
  2. A software developer uses a Code Signing program, depending on the platform, to add a digital signature to its program code in combination with the Code Signing certificate.
  3. The program will be uploaded to a website, mobile network or is otherwise made available to download or run.
  4. If users want to download or run the program, the digital signature will be checked.
  5. The browser or other executive program will determine whether it will show a warning with an execution block (this depends on the platform, application and security settings of the user) or permit.

There are programs available to add the digital signature. For most Windows program codes (.exe, .ocx, .dll and .cab), the SignTool.exe from Microsoft shall be used. The developer can thus specify the program code, the private key, the Code Signing certificate and optionally the time stamping server URL. For Java program codes, Jarsigner can be used (as of Java 5, the time stamping can be added with this as well).

Requesting a Code Signing certificate

Like with SSL Certificates, to request a Code Signing certificate, you must first generate a Certificate Signing Request (CSR) on the system where the program code should be signed. This depends on the browser or operating system (Windows, Java, Adobe Air, Mac).

SSL Certificates




PO Box 15320
1001 MH Amsterdam
The Netherlands

T: +31 (0)20-7881030
F: +31 (0)20-7881040

rss twitter facebook linkedin