Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Security
Digital Certificate - Use a Code Signing Certificate
This article explains an introduction on how to use a Code Signing Certificate (also known as a Software Publishing Certificate) which can be used to digitally sign software.
IT Services provides free Code Signing Certificates via the InCommon Certificate Service. Code signing certificates (also known as Software Publishing Certificates) can be used to digitally sign software executables and scripts. The digital signature can help users of the signed software to confirm that the software is genuine by authenticating the source of the software (i.e. who published it) and verifying the integrity of the content (i.e. the code hasn't been modified since signed).
Uses of Code Signing Certificates include:
- Microsoft Authenticode
- signing Java jar files
- signing Adobe AIR applications
Overview of the Process
Once you have received a Code Signing Certificate via email you can immediately begin signing and distributing your software. The typical process for signing code includes using a utility program (such as signcode.exe, codesign, or signtool) that does the following (at minimum):
- create a cryptographic hash of your software code
- encrypt the hash using your private key
- create a package containing your code, the encrypted hash, and your code signing certificate
Information on Specific Tools
The specific method for doing so varies according to what software and environment you are using and is outside the scope of this document; however here are some links to useful starting points to learn more:
- Comodo Knowledge Base: all entries for code signing certificates
- Comodo Knowledge Base: "Signing JAR Files"
- Comodo Knowledge Base: "Signing Adobe AIR Applications"
- MSDN Article "Introduction to Code Signing"
- How to sign a Mozilla extension or theme
The digital signature for your software can be valid beyond the lifetime of your Code Signing Certificate if you use timestamping. This service is provided by Comodo at the URL http://timestamp.comodoca.com/authenticode. For more information please see: Comodo Knowledge Base: "Timestamping"