X2Net SignCode Authenticode
Code Signing
Overview
Why Sign Code?
Starting with Windows XP Service Pack 2, every program
that is downloaded from the Internet is checked for a
Digital Signature before it runs, and if there is no valid
Digital Signature present the user gets a nasty warning
message suggesting that he may not really want to run your
program.

Now, more than ever it is necessary to sign your code
before release. When signed a less worrying dialog appears
instead...

Signing your code assures your user that you are who you
say you are, and that the code hasn't been tampered with
since you released it.
What do I need?
To sign your code you need two things, you need a program
to perform the signing operation (that's what
X2Net SignCode does)
and you need a Software Publishing Certificate (also known
as a Code Signing Certificate) from a Trusted Certification
Authority (CA).
Trusted Certification Authorities have what is known as
their "root certificate" already included with Windows.
Basically this means that Windows will trust any code signed
with a Software Publishing Certificate if it has been issued
by a Certification Authority whose root certificate it
already knows about. (This is why you can't create your own
Software Publishing Certificate to perform the signing with
- well actually you can, but because you don't have a root
certificate in the end users machine your signature won't be
trusted).
When you apply to a Trusted CA for a Software Publishing
Certificate they will take some steps to validate who you
are (usually by requesting business documents etc.) before
they issue your Software Publishing Certificate. See the requesting
a certificate page for more details of where to get your
certificate from.
Once I've got my certificate, what do I do?
Fill in all the boxes in the X2Net SignCode Graphical
User Interface (there are only seven of them), then click a
single toolbar button and you are done! If you want to
incorporate the signing process in some other process such
as an automated build rather than use the graphical
interface it will even tell you the command line you need.
Can I test it before I purchase a real certificate?
Absolutely! We provide a test Software Publishing
Certificate you can use, and even a test "root certificate"
you can install in your own system to test the whole
process. (You can't use the test certificates in code you
distribute because your users won't have our test root
certificate installed in their systems, we aren't a real
trusted Certification Authority!).
Download
the trial, or buy now at
$49.95 (US Dollars).
|