A Code Signing Certificate is a digital certificate issued by a Certificate Authority (CA) like GlobalSign, which binds the identity of an organization to a public key that is mathematically linked to a private key pair. This certificate allows developers to sign their software or code using their private key, while end users verify the developer’s identity using the associated public key. This process is based on Public Key Infrastructure (PKI), ensuring the integrity and authenticity of the code.
GlobalSign provides options to install Standard and EV Code Signing Certificates on physical Hardware Security Modules (HSMs) or cloud-based HSM services like Azure Key Vault, AWS CloudHSM, Google KMS, HashiCorp Vault, and others.
Important Note: As per CAB Forum’s new guidelines, from June 2023, private keys for Code Signing Certificates must be stored in HSMs that comply with FIPS 140 Level 2 or 3.
Note: USB tokens are not included in HSM or Key Vault deployments.
Our Code Signing Certificates enable developers across all platforms to digitally sign the applications and software they distribute online. Code signing provides the same level of assurance as a physical shrink-wrapped product by including the publisher’s name and confirming that the code has not been altered since it was published. This allows users to trust the software they download from the internet.
By using a unique cryptographic hash, code signing ties the publisher’s identity to the software. This replaces the security warnings associated with unsigned code with notifications displaying the software publisher’s details, encouraging users to complete the installation and boosting download rates. Adding a digital signature ensures an essential layer of trust during the installation process.
Code signing guarantees that the software is legitimate, from a known publisher, and free from tampering. It prevents users from abandoning installation due to security alerts, ensures the code hasn’t been maliciously altered, and protects the vendor’s identity from theft.
EV Code Signing Certificates enhance the benefits of standard code signing certificates by providing a higher level of assurance that the publisher’s identity is verified and trustworthy.
The rigorous vetting process ensures that end users can trust the verified identity of the publisher. Additionally, EV Code Signing Certificates are mandatory for accessing the Windows Hardware Developer Center Dashboard Portal, where all kernel-mode drivers targeting Windows 10 (Build 1607 and later) must be signed.