Symantec helps you deliver your apps and code to more customers on more platforms than any other provider. More developers and publishers rely on Symantec, the most recognized and trusted Certificate Authority (CA) worldwide, than any other CA. Our robust authentication practices, public key infrastructure and technical support teams help ensure a safe, secure experience for you and your customers.
Digital signatures use public key cryptography technology to secure and authenticate code.
How Code Signing Protects Your Intellectual Property and Reputation
A developer adds a digital signature to code or content using a unique private key from a code signing certificate.
When a user downloads or encounters signed code, the user’s system software or application uses a public key to decrypt the signature.
The system looks for a “root” certificate with an identity that it trusts or recognizes to authenticate the signature.
The system then compares the hash used to sign the application against the hash on the downloaded application.
If the system trusts the root and the hashes match, then the download or execution continues.
If the system does not trust the root or the hashes do not match, the system interrupts the download with a warning or the download fails.