Code Signing: When & Why?

If you search for code signing online you will get a plethora of hits regarding where to go to get your code signed with a digital cert, but no articles or documentation on when you should get your code signed or why this might be necessary. So I pose these questions:

  • What use cases exist where a developer or a development team want/need to have their code signed?
  • What types of code can/should be signed? JavaScript? Java? C++? Are there different types of codesigning for each language/platform?
  • Is the code signed as raw source or the compiled binary?

Thanks in advance.

asked Jun 21 '12 19:06 by IAmYourFaja


1 Answer

I suppose theoretically any code in any language can be signed, either as the source or, more commonly, as the compiled binary.

The main use case that comes to mind for me is mobile applications (Android in this instance). You have to sign the code before publishing. You also have to keep the key store file so that if you make any updates to the application and want to upload them, you sign them with the same key. This is because Android checks a number of things when upgrading an application, the main one being that the code signing is the same for the old and new versions, which, as long as the key store file and its password are kept secret enough, proves it came from the same source. If someone were to modify the code in some way, the signing verification would fail.

In a nutshell, signing code lets the end user or machine know where the code came from. And in the case of upgrading, it makes it difficult or impossible to modify code and have others download it.

Apple goes nuts with code signing for iOS, and I don't fully grasp all the details, but you have to get the certificates (yes, more than one) from Apple and sign with them. If you want to put the app on a testing device you need yet another certificate to sign with and install it on the device; otherwise you have to get it on the App Store (subject to Apple's approval), where they probably sign it with some private key so iOS devices know it's Apple-approved.

answered Sep 20 '22 08:09 by Russ
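The answer above describes two checks at once: a signature that fails if the bytes were modified after signing, and an upgrade rule that only accepts a new version signed with the same key as the installed one. The following is an added example that is not part of the question or the answer and is not Android's own code. It models the mechanism with a hypothetical SignedPackage type, Ed25519 keys derived from fixed seeds (example-only; a real publisher key lives in a protected keystore), and constructed byte strings standing in for compiled payloads. Real package formats carry a signing certificate rather than a bare public key and sign a more elaborate structure, but the comparison a device makes at upgrade time is the same.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedPackage is a hypothetical stand-in for a signed artifact such as an
// APK: the compiled payload, the signer's public key, and a signature over a
// digest of the payload.
type SignedPackage struct {
	Name      string
	Version   int
	Payload   []byte
	Signer    ed25519.PublicKey
	Signature []byte
}

// Installed records what the device already holds. The recorded signer is
// what any later upgrade must match.
type Installed struct {
	Name    string
	Version int
	Signer  ed25519.PublicKey
}

var (
	ErrBadSignature   = errors.New("signature does not verify against payload")
	ErrSignerMismatch = errors.New("update is signed by a different key than the installed package")
	ErrNotNewer       = errors.New("update version is not newer than the installed version")
)

// Example-only keys from fixed seeds so the demo is deterministic; never do
// this for a real publisher key.
func PublisherKey() ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x11}, ed25519.SeedSize)) }
func AttackerKey() ed25519.PrivateKey  { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x22}, ed25519.SeedSize)) }

func digest(payload []byte) []byte {
	h := sha256.Sum256(payload)
	return h[:]
}

// Sign is the publisher's step: hash the compiled payload and sign the digest.
func Sign(priv ed25519.PrivateKey, name string, version int, payload []byte) SignedPackage {
	return SignedPackage{
		Name:      name,
		Version:   version,
		Payload:   payload,
		Signer:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, digest(payload)),
	}
}

// Verify checks that the payload is the one the signer signed. Any change to
// the bytes changes the digest and the signature no longer verifies.
func Verify(p SignedPackage) bool {
	return ed25519.Verify(p.Signer, digest(p.Payload), p.Signature)
}

// Install accepts a verified package and records its signer for later upgrades.
func Install(p SignedPackage) (Installed, error) {
	if !Verify(p) {
		return Installed{}, ErrBadSignature
	}
	return Installed{Name: p.Name, Version: p.Version, Signer: p.Signer}, nil
}

// Upgrade mirrors the check the answer describes: the new package must verify
// and must be signed by the same key as the installed one, so a third party
// cannot ship a modified build that replaces the original.
func Upgrade(inst Installed, p SignedPackage) (Installed, error) {
	if !Verify(p) {
		return inst, ErrBadSignature
	}
	if p.Name != inst.Name || !bytes.Equal(inst.Signer, p.Signer) {
		return inst, ErrSignerMismatch
	}
	if p.Version <= inst.Version {
		return inst, ErrNotNewer
	}
	return Installed{Name: p.Name, Version: p.Version, Signer: p.Signer}, nil
}

func main() {
	const app = "com.example.app" // hypothetical package name
	pub := PublisherKey()
	inst, _ := Install(Sign(pub, app, 1, []byte("constructed v1 bytes")))
	v2 := Sign(pub, app, 2, []byte("constructed v2 bytes"))
	rogue := Sign(AttackerKey(), app, 2, []byte("constructed v2 bytes"))
	tampered := v2
	tampered.Payload = []byte("constructed v2 bytes, modified after signing")
	cases := []struct {
		label string
		p     SignedPackage
	}{
		{"same publisher, newer version", v2},
		{"different signing key", rogue},
		{"payload modified after signing", tampered},
	}
	for _, c := range cases {
		_, err := Upgrade(inst, c.p)
		fmt.Printf("%-32s -> %v\n", c.label, err)
	}
}
```

Running main shows the three outcomes the answer implies: the same-key v2 upgrades (nil error), the build signed with another key is rejected even though its own signature is valid, and the payload edited after signing fails verification outright. Losing the publisher key therefore means no further updates can pass the signer check, which is why the answer stresses keeping the key store.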