What is “code signing”?

//What is “code signing”?
What is “code signing”?2018-03-02T16:27:00+00:00

What is “code signing”?

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to validate authenticity and integrity.

Developers must buy a code signing certificate from a Certificate Authority such as Comodo, GlobalSign or Digicert which typically costs a few hundred pounds (£) per year. Using that certificate, however, the developer can “sign” an executable file and upload it to a website. Users who download that software can then be assured the executable is genuine. Equally, and perhaps more importantly, their computers operating system (Windows, OSX or Linux) will also happily execute the program without showing alarming messages, or perhaps prevent it from not running at all.

Quickhash Codesigned Dialog

Corporates and government agencies, whose computer system are often heavily configured to disallow any software running that is not digitally signed, can also therefore benefit from a code signed executable of QuickHash, whereas before they could not.

However, even open-source developers who give their software away freely have to pay for such a certificate. I have to pay over £250 per year for the code signing certificate that I use to digitally sign QuickHash. To recoup those costs, I ask for a small payment to download the code-signed version of QuickHash. It is as simple as that. You are paying a small fee for the assurance and convenience of getting code signed software. If that is not necessary for you, just use the free unsigned version. Any profit gained each year goes towards the AWS web hosting costs. Any profit after that will most likely be donated to dog related charities for which I am fond.

Read the results of the survey that formed the decision to make QuickHash available as code signed