Back
-
Solutions
Back
Digital Trust for:
Enterprise IT, PKI & Identity
Code & Software
Documents & Signing
DigiCert® Device Trust Manager
Manage PKI and Certificate risk in one place
Optimizing Enterprise
Certificate Management for
Security and Digital Trust
Secure, update, monitor and control connected devices at scale
DOWNLOAD NOW - Buy
-
Insights
Back
Digital Trust for the Real World
Explore these pages to discover how DigiCert is helping organizations establish, manage and extend digital trust to solve real-world problems.
Ponemon Institute Report
See what our global post-quantum study uncovered about where the world stands in the race to prepare for quantum computing.
LEARN MORE >
-
Partners
Back
- Support
- Contact us
- Language
Code Signing Trust
What is code signing?
Code signing is a security technology that uses digital signatures to authenticate a software publisher’s identity and verify the integrity of the code. The process involves applying a unique cryptographic signature to software or applications so users who download or install the signed code can be confident it originated from a trusted source and hasn’t been altered since its signing.
How does code signing work?
Code signing operates through public key infrastructure (PKI). Here’s a quick overview of how it works:
- Generate a hash: The software publisher creates a cryptographic hash of the software.
- Sign with a private key: A digital signature is created by encrypting the cryptographic hash using the publisher’s private key.
- Attach the signature: The digital signature is attached to the software.
- Distribute the software: The signed software is distributed to users.
- Verify with a public key: Users’ systems use the publisher’s public key to decrypt the digital signature and compare the hash with the software. If they match, the software is verified.
Why is code signing trust important?
Code signing trust is crucial to cybersecurity. It promotes digital trust by:
- Ensuring authenticity: Because code signing certificates verify a software publisher’s identity, users can trust that the software came from a legitimate source.
- Maintaining integrity: By providing a cryptographic hash, code signing ensures that the code hasn’t been tampered with since it was signed. Any alteration would invalidate the signature, alerting users to potential risks.
- Boosting user confidence: When users see that software is code signed, they’re more likely to trust and install it, potentially enhancing the software’s adoption rate.
- Mitigating security risks: Code signing helps prevent the distribution of malicious code and reduces the risk of malware infections, protecting both end users and the reputation of the software publisher.
Learn more
Explore DigiCert’s code signing solutions or read our FAQs to learn more about code signing trust.
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
© 2024 DigiCert, Inc. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings