Code Signing

Authenticity and assurance in a signature: guarantee the integrity and security of your software components

Code signing: the security of digital signatures applied to software components

Code Signing Certificates let you add a digital signature to a wide range of executable software components, to guarantee their authorship and integrity and to ensure the source code has not been tampered with.

The certification process inextricably links the identity of an IT organisation to a key pair: the private key, used by the developer or distributor to sign the code, and the public key, which allows the end user to verify the identity of the signatory (and so the reliability of the software component).

This is an essential security measure for any organisation that needs to protect the software components it develops and distributes from the risk of malware.


Actalis code signing certificates for business: key benefits

By digitally signing files containing executable code, companies can both protect and optimise their work while fostering a relationship of trust with customers. What’s more, they can protect their brand from any damage to their reputation caused by malware.

Some of the benefits of using a code signing certificate:

Authenticity and reliability


Certify the identity of the organisation developing and distributing software.

Integrity of the components


Make sure that the code has not been accidentally or maliciously altered after signing.

Download and installation


Processes are faster and more secure, as interruptions are reduced and the end users' devices are protected.

Avoid error notifications


Reduce the number of security alerts, replacing them with messages containing information about the software publisher.

Actalis solutions for code signing certificates

Our code signing certificates comply with the requirements of the CAB Forum, the association that brings together the main Certification Authorities around the world.

Centralize certificates with Enterprise RA 


Thanks to the Enterprise RA web application, companies can issue their own Code Signing certificates. In addition, they can check the lifecycle of issued certificates, managing renewals and revocations whenever they want.

Use Code Signing certificates in as-a-service mode


Actalis generates Code Signing keys on the HSM of the CA, where the certificates will be installed. The issuing system is automated in the cloud and does not require users to generate a CSR or to install the certificate on their systems.

Tools

Get the best out of your Code Signing certificate

Actalis Code Signer


Actalis Code Signer is the code signing client that simplifies the digital signature of applications and software produced by the company. The signed code contains the name of the publisher and guarantees that the code has not been tampered with after publishing.


Code Signing Timestamps


The Actalis Code Signing Timestamps allow you to add a timestamp to the digital signature applied to the executable code, certifying the date and time of issue. Operating systems will accept signed software even after the expiry of the certificate, improving your reliability in the eyes of your customers.

The address of Actalis' timestamping service is: http://timestamp.actalis.com.

Please note that this is not a "browsable" website, but a timestamp server implementing the RFC 3161 protocol, and is intended for code-signing clients.

Best practices for using code signing certificates

To manage the code signing process correctly and securely, we recommend following the guidelines below.

Restrict access to private keys


Only let a small group of authorised personnel access the PCs used for the code signing process.

Authenticate the code before signing it


Keep track of all code signing operations and prevent unapproved or malicious code from being signed.

Protect private keys using cryptographic hardware devices


Prevent attacks by storing your keys with security-compliant tools (such as a smart card or USB token).

Scan for viruses before signing the code


Make sure any third-party libraries and code you're about to sign do not contain viruses.

Always add a timestamp to the signed code


This allows the signed code to be validated even after the code signing certificate has expired or been revoked.

Reduce risk with multiple certificates


Avoid signing all your software with the same certificate; use different ones and change your keys frequently.

Use test certificates to sign code that has not yet been released


When carrying out tests, choose different keys from those used in the production environment.

Revoke compromised certificates


If your private key is compromised, revoke the certificate and contact Actalis.


How to request and install your Code Signing certificate

Contact our technical experts

Code Signing solutions are just one element of complex IT projects. We can provide all the technological tools and experience needed to help companies design and implement custom solutions at scale.
