Code Signing

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The most common use of code signing is to provide security when deploying software, for example installing and updating applications on your computer. The digital signature on the software is used to verify the identity of the author of the software and that the software has not been modified.

Overview

SignServer is a secure code signing solution that allows you to keep code signing keys protected, and also provides a centrally managed and audited single service for all your code signing needs and allows you to keep code signing keys protected.

SignServer enables different project members or systems to authenticate and share the same protected code signing key and certificate when signing, and also provides audit records of who signed what. SignServer can also control individual code signing keys where only one person is granted authorization.

SignServer enables code signing through various signers and plug-ins:

Authenticode for Portable Executables (PE signing)
Java (JAR signing) and Windows Installer (MSI signing)
Client-side hashing and construction for Authenticode and JAR signing
PGP signing and Debian package signing
APPX and MSIX signing
Authenticode for PowerShell Scripts and Android APK v2 and v3 Signing Schemes
Microsoft Catalog files signing

For more information on supported formats, refer to the Interoperability section.

Code Signing by Signature Type

The following sections describe how to configure signers for signing using different formats and also covers how to invoke the signer and verify the signature:

See Additional Configuration for options relevant to code signing.