Code Signing Certificates
Code signing is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted since it was signed by the author.
Microsoft Authenticode Signing Certificate
- Used to sign CAB, CAT, CTL, DLL, EXE, and OCX files.
- Entrust offers PKCS#7 (Public Key Cryptography Standard # 7) certificates for use with Authenticode.
- When you install the certificate, a private key (PVK) is created on your machine. This process provides added security as the private key does not exist until it is created on the signer’s computer.
- Microsoft Authenticode is signed using Signtool – an application that is included when you download and install Microsoft .NET.
Java Code Signing Certificate
- Used for signing Java Archive (JAR) files.
- Entrust offers customers X.509 certificates to sign JAR files.
- A certificate signing request (CSR) in required for this type of code signing certificate.
- The certificate must be imported into your keystore.
- Download and install the Java developer’s kit (JDK). The JDK is available free from java.sun.com.
Microsoft Office and VBA Signing Certificate
- Used to sign DOC, DOT, XLS, XLT, XLA, PPT, PPS, and PPA files.
- Entrust offers PKCS#12 (Public Key Cryptography Standard #12) certificates for use with MS Office and VBA files.
- When you install the certificate, a private key (PVK) is created on your machine.
- Several Microsoft applications include built-in tools that allow the user to sign documents that they create.
EV Code Signing Certificate
- Used for Microsoft SmartScreen
- Supports Windows Kernel Mode Signing on Windows 10