Code Signing: How it Works

DigiCert helps you deliver your apps and code to more customers on more platforms than any other provider. More developers and publishers rely on DigiCert, the most recognized and trusted Certificate Authority (CA) worldwide, than any other CA.

How Code Signing Protects Your Intellectual Property and Reputation

DigiCert's robust authentication practices, public key infrastructure and technical support teams help ensure a safe, secure experience for you and your customers.


Digital signatures use public key cryptography technology to secure and authenticate code.

  • A developer adds a digital signature to code or content using a unique private key from a code signing certificate
  • When a user downloads or encounters signed code, the user’s system software or application uses a public key to decrypt the signature
  • The system looks for a “root” certificate with an identity that it trusts or recognizes to authenticate the signature
  • The system then compares the hash used to sign the application against the hash on the downloaded application
  • If the system trusts the root and the hashes match, then the download or execution continues
  • If the system does not trust the root or the hashes do not match, the system interrupts the download with a warning or the download fails

Introduction to Code Signing

Website Security

Self-Signed Digital Certificates

A self-signed digital certificate is chained to a root certificate owned by the signer. In most cases, your root certificate will not be available to third party software and devices.

A Trusted Certificate Authority

When you enroll for a digital certificate, the CA authenticates your identity and issues a certificate that is chained to the CA’s root certificate. Application and device have root certificates of known and reputable CA’s embedded within them. When the application or device trusts the root certificate, it trusts you. DigiCert root certificate ubiquity is second to none. Our root certificates come preinstalled on most devices and embedded in most applications, creating a seamless, secure installation process for end users.

DigiCert Code Signing Certificates

Boost Software Adoption and Sales with Code Signing

What's Code Signing?

Code signing is a digital signature added to software and applications that verifies that the included code has not been tampered with after it was signed.

SHA 256 Support

SHA 256 Support

Secure Hash Algorithm (SHA) 256 Support is available for DigiCert Code Signing Certificates.

Continue Reading

Code Signing: Why Sign

Code Signing: Why Sign

5 Reasons Why You Should Sign Your Code with DigiCert Code Signing.

Continue Reading

Code Signing 101

Code Signing 101

Code signing does two things: it confirms who the author of the software is and proves that the code has not been altered or tampered with after it was signed. Both are extremely important for building trust from customers and safely distributing your software.

Continue Reading


Website Security Solutions In The Real World

Join the Community

Follow Threat Intelligence on Twitter @Threatintel


Watch Videos on the Website Security YouTube Channel


We have updated our Privacy Policy which can be found here.