2010-03-15

Code Signing Certificate Usage for Beginners

A code signing certificate is used for digitally signing executables and other digital content you generated (.JAR, .). It can be bought from Verisign at $499 per year or from other companies and resellers. I recommend K-Software. They sell Comodo-backed certificates at around $95 per year (use Coupon Code CPN22DWN to get a discount).

The whole thing is basically a two-part process:
  • Get your certificate
  • Sign a file
To get the certificate, you have to:
  • Order from a browser that you will again have access to in a few days. This is important, because your certificate is generated while ordering, but only becomes valid after the verification process is completed, which might take a few days.
  • Prove your identity by sending copies of your passport, phone bill, bank statement etc.
  • Await approval
  • Complete the process, once you have opened the final pick up link with the same browser that you ordered from, by exporting your valid code signing certificate to a .pfx file (Instructions for Firefox/IE)
  • Smile :-)
To sign a file with your new certificate:
  • Download the Windows SDK. It contains a file named signtool.exe (SignTool Syntax)
  • For ease of use, create a batch file like this:
    REM Setup:
    REM 1. Save this text as batch file named "SignNow.bat" or similar
    REM 2. Adjust paths, certificate filename and password
    REM    (the password sits in this file in plain text, so keep the file private)
    REM 3. If you are not using Comodo, replace time server URL

    REM Usage: drag 'n' drop from windows explorer! :-)

    REM "%~1" re-quotes the dropped file's path, so paths with spaces or special characters work
    "C:\signtool.exe" sign /f "C:\Your_Certificate.pfx" /p "Your_Password" /v /t http://timestamp.comodoca.com/authenticode "%~1"

    REM Attention: The whole signtool command above has to be on ONE line

    pause
  • Make sure your PC is connected to the internet to ensure that time stamping will work
  • Drag 'n' drop your file onto the batch file
  • Smile :-)
Once you have received your certificate and generated the batch file, code signing is as easy as dropping a file and takes less than 5 seconds.
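
A variant of the batch file above that also checks the result, as an added example that is not part of the original post: it verifies the signature after signing and fails if the time stamp is missing, because only a time-stamped signature stays valid after the certificate expires. Paths, certificate filename and password are the same placeholders as above; the variable and label names are arbitrary.

```bat
@echo off
REM Added example (not from the original post): sign, then verify.
REM Placeholders as in the batch file above: adjust paths, certificate and password.
setlocal
set "SIGNTOOL=C:\signtool.exe"
set "PFX=C:\Your_Certificate.pfx"
set "PFX_PASSWORD=Your_Password"
set "TIMESTAMP_URL=http://timestamp.comodoca.com/authenticode"
set "RESULT=1"

if "%~1"=="" goto :usage
if not exist "%~1" goto :missing

"%SIGNTOOL%" sign /f "%PFX%" /p "%PFX_PASSWORD%" /t "%TIMESTAMP_URL%" "%~1"
if errorlevel 1 goto :signfailed

REM /pa = use the default Authenticode verification policy
REM /tw = report a warning (exit code 2) if the signature has no time stamp
"%SIGNTOOL%" verify /pa /tw "%~1"
REM "if errorlevel N" means "exit code >= N", so test the higher code first
if errorlevel 2 goto :notimestamp
if errorlevel 1 goto :verifyfailed

echo OK: signed, time stamped and verified.
set "RESULT=0"
goto :done

:usage
echo Usage: drag 'n' drop a file onto this batch file.
goto :done
:missing
echo File not found: "%~1"
goto :done
:signfailed
echo Signing failed. Check the certificate path, the password and the internet connection.
goto :done
:notimestamp
echo Signature is present but NOT time stamped. Check the time server URL and sign again.
goto :done
:verifyfailed
echo Signature verification failed.
goto :done

:done
pause
endlocal & exit /b %RESULT%
```

The script exits with 0 only when signing, time stamping and verification all succeeded, so it can also be called from a build script.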

Some more detailed tutorials are available from Jeff Wilcox (English) and Oliver Grahl (German).

Happy code signing... :-)