|
|
|
To learn more, please also see answers to these questions:
What are Code Signing Certificates?
How does Code Signing protect my brand with “Digital Shrink Wrapping”?
How does Code Signing increase my customers’ confidence?
When should Code Signing Certificates be used, and what can it secure?
What are the practical applications of Code Signing Certificates?
What types of Code Signing Certificates can i buy?
|
|
|
|
|
What are Code Signing Certificates?
|
|
Code signing is the process of digitally signing executables and scripts using asymmetric encryption. A digital signature confirms that the software originated from the Publisher who signed it and that the code has not been altered or corrupted since it was signed.
Asymmetric encryption uses a pair of complementary keys, the public key and the private key. As their names imply, one of the keys is intended to be kept by the Publisher while the other one is shared freely with the world. A Software Publisher uses the private key to encrypt a digital signature and the rest of the world can then use the corresponding public key to decrypt and analyze that signature. This signature includes a hash, which allows users of the software to verify that (a) the software really did come from the publisher as claimed, and (b) the software hasn’t been modified since the Publisher released it. If the decryption is successful, they’ve successfully verified your identity.
A digital certificate is an electronic trusted ID card which utilizes a digital signature to bind a public key together with respective user identity for the purpose of public trust. A Certificate Authority (CA) - such as VeriSign - creates, manages, distributes, and revokes digital certificates.
|
|
|
|
|
How does Code Signing protect my brand with “Digital Shrink Wrapping”?
|
|
Based on public key infrastructure and digital signature technology, VeriSign® Code Signing creates a digital “shrink-wrap”. When customers download signed software verified by VeriSign, they can be assured of the content source and the content integrity. Code Signing adds a level of trust to your applications and makes them harder to falsify or damage, protecting your brand and your intellectual property.
|
|
|
|
|
How does Code Signing increase my customers’ confidence?
|
|
Unsigned code triggers a disruptive security warning or error message, or causes code to simply fail to load. To prevent disruption, software publishers should sign their code using a VeriSign Code Signing Certificate. VeriSign root certificates come preinstalled on most devices and embedded in most applications, which is not the Case for other code signing solutions.
With VeriSign Code Signing Certificates, developers select a platform, a validity period and install the certificate on their desktop or a portable device such as a USB drive. A timestamp option shows when code was signed, allowing customers to verify that the code signing certificate was valid at the time of the digital signature.
In the real world, customers trust software they buy in a store because they can tell who published the product and can see whether the package has been opened or not. The Internet cannot offer the same security reassurance provided by shrink-wrapped software. With a Code Signing Certificate, your code will be as safe to install as it would be if you shrink-wrapped it and sold it off a store shelf.
|
|
|
|
|
When should Code Signing Certificates be used, and what can it secure?
|
|
A Code Signing Certificate is strongly recommended for any Software Publisher who plans to distribute code or content over the Internet or corporate extranets and wants to assure the integrity and authorship of that code. Code Signing is essential to the publisher’s business for several reasons:
 Builds customer confidence and trust
Protects your intellectual property and business reputation
Meets the requirements of platforms and network providers as well as business customers
Eliminates disruptive security alerts that might turn away customers or increase support inquiries
Helps increase market reach and adoption of downloadable software
Code Signing is advantageous in either external or internal use case as long as the code runs on the client machine.
Code signing supports your commercial sales and external distribution efforts by reassuring would-be users and buyers with the digital equivalent of shrink-wrap. It also satisfies the requirements of platforms, business customers, and partners.
Even if you’re focused only on internal distribution of code to users within your company, code signing is still important. Potential users will already know who you are but might not be able to run your code if your IT department requires all code to be signed.
|
|
|
|
|
What are the practical applications of Code Signing Certificates?
|
|
Many platforms and applications are supported including:
ActiveX controls
Kernel-mode code for the 64-bit editions of Windows® Vista
Device drivers
Macros and VBA
Java™ Applets
MIDlet (J2ME™)
Plug-ins and other executables
Adobe® AIR™ applications
|
|
|
|
|
What types of Code Signing Certificates can i buy?
|
Verisign Code Signing Certificate for Microsoft Authenticode
 Digitally sign 32-bit or 64-bit user-mode (.exe, .cab, .dll, .ocx, .msi and .xpi files) and kernel-mode software
Provider for Microsoft Windows® Logo programs
|
Verisign Code Signing Certificate for Sun Java
Digitally sign .jar files and Netscape Object Signing
Recognized by Java Runtime Environment (JRE)
|
Verisign Code Signing Certificate for Microsoft Office and VBA
Digitally sign VBA objects and macros
For Microsoft Office and third-party applications using VBA
|
Verisign Code Signing Certificate for Adobe AIR
Digitally sign .air or .airi files
Required for all AIR-based applications
|
Verisign Code Signing Certificate for Macromedia Shockwave
Digitally sign files created with Macromedia® Director® 8 Shockwave Studio
|
|
|
|
|
|
|
|
back to the top
go to Products and Services Overview
|
