The following guides describe code signing use cases and how to setup SignServer for code signing.
Note that these how-to guides assume some product knowledge and may not cover all topics in-depth but instead link to details in the product documentation.
Code Signing Technical How-to
This technical guide describes the code signing use case and how to start using code signing for signing of executable files, software releases, firmware or other custom formats.
Authenticode Code Signing Technical How-to
A brief guide for the use case SignServer Cloud and Authenticode signing, covering launching SignServer Cloud and trying out code signing using the Microsoft Authenticode digital signature format.
For more information on all the various code signing capabilities of SignServer, see the Code Signing Technical How-to.
Jenkins Integration for Automated Code Signing
A guide demonstrating an integration between SignServer and Jenkins for automated code signing in a CI/CD Pipeline. Includes using the SignServer JArchive CMS Signer for JAR signing and running a Jenkins Pipeline building and delivering the app, and using Client Certificate Authentication to authorize Jenkins to sign files in SignServer.
Post-quantum Code Signing How-to
As the time to roll out new Post-Quantum Cryptography (PQC) algorithms gets closer, it is wise to establish a high level of crypto agility in your organization and to try out the new algorithms as final candidate implementations become available from the NIST Post-Quantum Cryptography competition.
This guide demonstrates code signing based on SignServer using the post-quantum SPHINCS+ algorithm through Bouncy Castle and allows you to try out creating post-quantum keys and signatures.