What is Code Signing and how does it work?
Code Signing certificates are digital signature certificates used to sign the code of an executable.
A signature made with a Code Signing certificate lets users verify that the code has not been tampered with by third parties since it was signed, and identifies the organization that issued the code.
To sign an executable, use the ActalisCodeSigner tool or compatible signing software.
Why should you use Code Signing?
Code Signing should be used to sign all your software, such as installation packages, dynamic libraries or apps.
What types of Code Signing certificates are there?
There are two types of Code Signing certificates:
- Organization Validated (OV). The Certification Authority (CA) verifies your organization: company details will be shown in the certificate.
- Extended Validated (EV). Only valid for Windows. Only Microsoft can authorize CAs to issue this type of certificate. Actalis is not authorized to issue this type of Code Signing certificate.
How to sign an executable using ActalisCodeSigner
ActalisCodeSigner is a command-line client you can use to sign executable files and scripts with the username and password linked to your Code Signing Certificate. It can be used on Windows and Linux.
It supports the following signing algorithms:
- MD5 and SHA-1 (discontinued for security reasons in the most recent Java editions)
- SHA-256
ActalisCodeSigner does not require installation: to use it, extract the application archive to a system folder and run it from the command line. Read the manual for the list of commands you can use.
When you launch a command, use the username and password for your Code Signing Certificate:
- following the -fu parameter, enter the username.
- following the -fp parameter, enter the password sent in the Certificate issue confirmation email, not the one sent for the .p12 file.
Do not use your web account user details.
If you are unable to sign in, read the documentation or open a support request.