Code Signing

Bruce Morton

Although this is the Entrust Insight SSL Blog, Entrust Certificate Services issues other types of certificates such as Code Signing, Adobe CDS and Client S/MIME. The purpose of this post is to kick off a series on Code Signing. When the series is completed, this post can be used as an index to all other related posts.

Here is what we plan to cover:

  1. Why Code Sign?
  2. What is Code Signing?
  3. Verifying Code Authenticity
  4. How to Code Sign
  5. Code Installation Trust Decision
  6. Time-Stamping
  7. Self-Signed Versus Trusted CA Certificates
  8. Code Signing Best Practices
  9. Application Reputation

The above list may change as the articles are written. Reader feedback would be greatly appreciated to help refine the topics.

Entrust offers Code Signing certificates to sign and certify the following:

  • Authenticode (most Microsoft® Windows® platforms)
  • Java
  • Microsoft® Office® macros and Visual Basic script
Bruce Morton
Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.


Add to the Conversation