What Is Code Signing?

Code signing is the process of using X.509 certificates to digitally sign software for safe distribution, hassle-free installation, and compliance with OS security policies.

Related Content

Want to keep learning?

Subscribe to SSL.com’s newsletter, stay informed and secure.

Code Signing is a method of putting a digital signature on a file, program, or software update which guarantees that the executable has not been tampered with or otherwise been compromised. It’s a means of providing an added level of assurance to the user that the item is authentic and safe to use. 

SSL.com offers enterprise code signing solutions, one of which is an Extended Validation (EV) Code Signing Certificate. Read more here and continue below for some frequently asked questions on code signing.

What is code signing?

Code signing is the process of using X.509 certificates to digitally sign software for safe distribution, hassle-free installation, and compliance with OS security policies. By signing their apps and drivers with a certificate issued by a reputable, publicly trusted certificate authority (CA) like SSL.com, developers and software vendors assure users that their software has been issued by a known and trusted developer, has not been tampered with, and is safe to install.

Code signing is especially useful for software distributed via the Internet, where there are ample opportunities for malicious third parties to alter applications, introduce malware or viruses, and/or impersonate legitimate software suppliers. By digitally signing code, software vendors also prevent users from having to click through OS warning messages or change default security settings when installing software:

Unsigned driver warning

What are the differences between OV, IV, and EV code signing certificates?

Standard code signing certificates from SSL.com include validation of the identity of a business or other organization (known as organization validation, or OV), or an individual person (individual validation, or IV), and offer affordable protection for software applications distributed by individuals or organizations.

Extended validation (EV) code signing certificates are more expensive and only available to registered organizations, but provide a number of additional benefits over standard OV/IV code signing certificates:

• An EV code signing certificate is required to sign Windows 10 drivers (both kernel-mode and user-mode).
• EV code signing certificates provide instant Windows SmartScreen reputation for signed applications, so users will not have to click through “unrecognized app” warnings—which can appear even with standard OV/IV code signatures:

SmartScreen Warning

Unlike OV/IV certificates, EV code signing certificates require FIPS 140-2 Level 2 certified key storage and two-factor authentication. For these reasons SSL.com offers EV code signing certificates through its eSigner cloud signing service, on FIPS 140-2 validated security key USB tokens, and for installation on selected hardware security modules (HSMs) and cloud HSM services.

For more information on the different types of code signing certificates, please read Which Code Signing Certificate do I Need? EV or OV?

How can I order and install a code signing certificate from SSL.com?

Please refer to the following how-tos for information on ordering, installing, and getting started with code signing and EV code signing certificates from SSL.com:

Ordering and Retrieving Code Signing Certificates
How to Install OV Code Signing Certificates
Using Your Code Signing Certificate
Getting Started with Your EV Code Signing Certificate

Can I enroll an SSL.com code signing certificate in eSigner cloud signing?

Currently, any SSL.com EV code signing certificate may be enrolled in eSigner, SSL.com’s cloud code and document signing service. Standard OV/IV code signing certificates are not available for eSigner enrollment, but will be in the near future.

Users can sign code with eSigner’s Extended Validation Code Signing capability. Click below for more info.

LEARN MORE

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.