Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Security

Digital Certificate - Use a Code Signing Certificate

This article explains an introduction on how to use a Code Signing Certificate (also known as a Software Publishing Certificate) which can be used to digitally sign software.

IT Services provides free Code Signing Certificates via the InCommon Certificate Service. Code signing certificates (also known as Software Publishing Certificates) can be used to digitally sign software executables and scripts. The digital signature can help users of the signed software to confirm that the software is genuine by authenticating the source of the software (i.e. who published it) and verifying the integrity of the content (i.e. the code hasn't been modified since signed).

Uses of Code Signing Certificates include:

  • Microsoft Authenticode
  • signing Java jar files
  • signing Adobe AIR applications

Overview of the Process

Once you have received a Code Signing Certificate via email you can immediately begin signing and distributing your software. The typical process for signing code includes using a utility program (such as signcode.exe, codesign, or signtool) that does the following (at minimum):

  • create a cryptographic hash of your software code
  • encrypt the hash using your private key
  • create a package containing your code, the encrypted hash, and your code signing certificate

Information on Specific Tools

The specific method for doing so varies according to what software and environment you are using and is outside the scope of this document; however here are some links to useful starting points to learn more:

Timestamping

The digital signature for your software can be valid beyond the lifetime of your Code Signing Certificate if you use timestamping. This service is provided by Comodo at the URL http://timestamp.comodoca.com/authenticode. For more information please see: Comodo Knowledge Base: "Timestamping"

See Also:




Keywords: Authenticode csc ca x.509 signature cert certificates x509 "code signing" "software publish" "certificate authority" incommon comodo tls pki   Doc ID: 19495
Owner: James C.Group: University of Chicago
Created: 2011-08-02 19:00 CDTUpdated: 2013-11-12 12:33 CDT
Sites: University of Chicago