Understanding code signing

Code signing is the process that a software publisher uses to digitally sign scripts, executables, documents, and other code. The purpose of code signing is twofold:

• To guarantee that code has not been altered since the time it was signed
• To verify the author’s identity

When code is signed, a digital signature is created and bundled with the code that is being distributed. This digital signature gives recipients of the code an automated way to know if they can trust the code that they have received. When the software recipient executes signed code, the operating system or application uses the digital signature to determine whether the code is authentic and unaltered. As such, code signing is an essential security feature in today’s world.

This section provides background information on key concepts to understand and a high-level overview of how code signing works in general. Understanding these general code signing concepts is key to understanding how the Code Signing product works.