Code Signing 101

Code signing does two things: it confirms who the author of the software is and proves that the code has not been altered or tampered with after it was signed. Both are extremely important for building trust from customers and safely distributing your software.

Why Does Code Signing Matter?

When you consider that the average loss per cybercrime incident is $197, it’s no wonder people are extremely careful when it comes to downloading executable files from the internet.


That said, it’s worth doing whatever it takes to gain their trust: online distribution means you can distribute software updates faster, you broaden your potential customer base and you can considerably cut costs since there is no postage or discs and packaging to manufacture. Providing verifiable proof that as the author of the code, you are who you say you are and that your code is in no way corrupted or malicious is therefore a no-brainer. In fact, many third party publishers and mobile network providers now insist upon code signing to protect their users.

Introduction to Code Signing

Website Security

So, How Does Code Signing Work?

The process for code signing is similar to that used for SSL/TLS certificates, where a pair of cryptographic keys is used, one public and one private, to identify and authenticate both you and your code. The best and safest way to obtain a private key is by applying for a certificate from a trusted certificate authority (CA), such as DigiCert, who will take you through an authentication process. Once you have your certificate, you can then generate your private key. Your choice of CA is important as it can affect how far you are able to distribute your software. DigiCert, for example, provides certificates for a wide range of desktop and mobile platforms, including Windows Phone and Android.


You then sign your executable file or library of software using this private key, which can only be unlocked by public keys that are traceable to the CA, and which are preinstalled on most browsers. If the code has been tampered with after signing, the public key will not be able to verify the authenticity of your private key signature and the browser will flash up a warning to anyone trying to download it. If the code has remained intact then your file will be delivered and downloaded seamlessly. It’s as simple as that.

Boost Software Adoption and Sales with Code Signing

What's Code Signing?

Code signing is a digital signature added to software and applications that verifies that the included code has not been tampered with after it was signed.

SHA 256 Support

SHA 256 Support

Secure Hash Algorithm (SHA) 256 Support is available for Code Signing Certificates.

Continue Reading

Code Signing: Why Sign

Code Signing: Why Sign

5 Reasons Why You Should Sign with Code Signing.

Continue Reading

How Code Signing Works

How Code Signing Works

DigiCert helps you deliver your apps and code to more customers on more platforms than any other provider. More developers and publishers rely on DigiCert, the most recognized and trusted Certificate Authority (CA) worldwide, than any other CA.

Continue Reading


Website Security Solutions In The Real World

Join the Community

Follow us on Twitter


Watch Videos on our YouTube Channel


We have updated our Privacy Policy.