20.12.11

InfoQ: Code Signing For Individual Developers

InfoQ: Code Signing For Individual Developers
Code signing - Wikipedia, the free encyclopedia

  • Code Signing is a mechanism for software users to trust executable code that is published on the internet before downloading and running it. 

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash.

Code signing can provide several valuable features. The most common use of code signing is to provide security when deploying; in some languages, it can also be used to help prevent namespace conflicts. Almost every code signing implementation will provide some sort of digital signature mechanism to verify the identity of the author or build system, and a checksum to verify that the object has not been modified. It can also be used to provide versioning information about an object or to store other meta data about an object.

InfoQ: Code Signing For Individual Developers
  • Until now, this was practically beyond the reach of the individual developer, due to costs and processes involved. 
  • However, some stores are now offering Thawte code-signing certificates for individual developers for $99 per year.
  • Also on newer platforms such as Android or iOSit is sufficient and even typical to self-sign applications.

No comments: