Code Signing SSL Certificates
What is a Code Signing SSL Certificate?
When customers buy software in a store, the source of that software is obvious. Customers can tell who published the software, and they can see whether the package has been opened. These factors enable customers to make decisions about what software to purchase and how much to “trust” those products. Customers who download digitally signed Active X controls, dynamic link libraries, .cab files or HTML content from your site can be confident that code really comes from you and hasn’t been altered or corrupted since it was created and signed. Digital IDs serve as virtual “shrink wrap” for your software: after you sign your code, if it is tampered with in any way, the digital signature will break and alert customers that the code has been altered and is not trustworthy.
The solution to these issues is Microsoft’s Authenticode technology coupled with Digital IDs from a Certificate Authority. Code Signing, through the use of digital signatures, enables software developers to include information about themselves and their code with their software.
Users benefit from this software accountability because they know who published the software and that the code hasn’t been tampered with. In the extreme case that software performs unacceptable or malicious activity on their computers; users can also pursue recourse against the publisher. This accountability and potential recourse serve as a strong deterrent to the distribution of harmful code. Developers and Web masters benefit from Code Signing because it builds trust in their names and makes it more difficult to falsify their products. By signing their code, developers build a trusted relationship with users, who learn they can download software signed by that publisher or Web site with confidence. With Code Signing Certificates, developers can create exciting Web pages using signed ActiveX controls, or other signed executables. And users can make educated decisions about what software they want to download, knowing who published the software and that it hasn’t been tampered with.
Code signing is widely used to protect software that is distributed over the Internet. Code signing does not alter it; it simply appends a digital signature to the executable code itself. Use digital signatures when you want to distribute data, and you want to assure recipients that it does indeed come from you. This digital signature provides enough information to authenticate the signer as well as to ensure that the code has not been subsequently modified. Code signing digital IDs (or certificates) allow content publishers including software developers to sign their content that includes software objects, macros, device drivers, firmware images, virus updates, configuration files or other types of content for secure delivery over the Internet.
Digital signatures are created using a public-key signature algorithm such as the RSA public-key cipher. A public-key algorithm actually uses two different keys: the public key and the private key (called a key pair). The private key is known only to its owner, while the public key can be available to anyone. Public-key algorithms are designed so that if one key is used for encryption, the other is necessary for decryption. Furthermore, the decryption key cannot be reasonably calculated from the encryption key. In digital signatures, the private key generates the signature, and the corresponding public key validates it.
Thawte Code Signing Certificate
Secure Delivery of Code and Content
Easy online distribution has made it possible for developers to create fun and functional code, anywhere and everywhere. However, the potential for fraud and the spread of malicious code has increased as well. With a Thawte® Code Signing Certificate, your code will be as safe and trustworthy to customers as shrink-wrapped software from a store shelf.
Code Signing Certificates for:
- Microsoft® Authenticode® (Multi-Purpose)
- Sun Java®
- Adobe® AIR®
- Microsoft® Office VBA
VeriSign Code Signing
For developers and software publishers of active content, code signing reduces error messages and builds trust in your reputation. VeriSign® Code Signing Certificates for Microsoft® Authenticode® authenticate your identity and validate code integrity.
- Full business authentication verifies your business identity and domain ownership
- Up to 256-bit encryption with 40-bit minimum secures online transactions
- VeriSign Trust™ Seal with VeriSign Seal-in-Search™ maximizes click-through and conversions
- Daily Web site malware scanning shows customers you are committed to keeping them safe
- 30-day money back guarantee
SSL and More in a Single Solution
VeriSign Secure Site with EV offers more than security for your online business. We help drive traffic to your site and reduce abandoned transactions. Our premium SSL Certificate, the VeriSign Trust Seal, Seal-in-Search technology, and daily Web site malware scanning work together to help assure your customers that your site is safe from search to browse to buy.
Customers Worldwide Know and Trust the VeriSign Seal
The VeriSign seal, the most trusted mark on the Internet, i s viewed up to 650 million times per day on over 100,000 Web sites in 165 countries. Seal-in-Search displays the VeriSign Trust Seal next to your link on browsers enabled with a free plug-in as well as on partner shopping sites and product review pages. The seal differentiates your link in search and shows that malicious code has not been detected in a daily malware scan. Learn more: The VeriSign Seal
Comodo Code Signing Digital IDs
When customers download software signed with a Code Signing Certificate issued by Comodo, they can be assured of:
- Content Source: End users can confirm that the software really comes from the publisher who signed it.
- Content Integrity: End users can verify that the software has not been altered or corrupted since it was signed.
Features & Benefits of Code Signing Digital Ids
Code Signing Digital ID protects (reassures) your customers by assuring them that the integrity of the code they download from your site is intact – that it has not been tampered with or altered in transit.
After downloading, end users can be sure that the code they obtained really came from you, helping you preserve your business reputation and intellectual property. Digital IDs allow customers to identify the author of digitally signed code and contact them should an issue or query arise.
Seamless Integration with Industry-Standard Technology
Most browsers will not accept action commands from downloaded code unless the code is signed by a certificate from a trusted Certificate Authority, such as Comodo.
Ease of Use
Code signing certificates are easy to use in conjunction with the vendor software tools that developers use to create products, macros and objects.
How does Authenticode work with Comodo Digital IDs?
Authenticode relies on industry standard cryptography techniques such as X.509 v3 certificates and PKCS #7 and #10 signature standards. These are well-proven cryptography protocols, which ensure a robust implementation of code signing technology.
Authenticode uses digital signature technology to assure users of the origin and integrity of software. In digital signatures, the private key generates the signature, and the corresponding public key validates it. To save time, the Authenticode protocols use a cryptographic digest, which is a one-way hash of the document.