This technical guide describes how to start using code signing for signing of executable files, software releases, firmware or other custom formats.

Background

Harmful code is today a real threat to users and organizations alike, as criminal groups and even governments use malicious software to steal and monitor data, extort money or empty your bank account.

To digitally sign executable files such as applications, libraries and drivers is an important part of security whenever software is being distributed over insecure networks (internal or the Internet) or stored on untrusted media. Digitally signed code ensures that the software running on computers and devices is trusted and unmodified.

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The most common use of code signing is to provide security when deploying software, for example installing and updating applications on your computer. The digital signature on the software is used to verify the identity of the author of the software and that the software has not been modified.

Code Signing in SignServer

SignServer is a secure code signing solution that allows you to keep code signing keys protected, and also provides a centrally managed and audited single service for all your code signing needs.

SignServer enables different project members or systems to authenticate and share the same protected code signing key and certificate when signing, and also provides audit records of who signed what. SignServer can also control individual code signing keys where only one person is granted authorization.

SignServer enables code signing through various signers and plug-ins:

  • Authenticode for Portable Executables (PE signing)
  • Java (JAR signing) and Windows Installer (MSI signing)
  • Client-side hashing and construction for Authenticode and JAR signing
  • PGP signing and Debian package signing
  • APPX and MSIX signing
  • Authenticode for PowerShell Scripts and Android APK v2 and v3 Signing Schemes
  • Microsoft Catalog files signing

For more information on supported formats, see Interoperability.