TAKE CONTROL OVER YOUR CODE SIGNING PROCESS
Code signing is used to indicate and verify the publisher of software programs and make sure the software has not been modified after publishing.
Define what will be signed
By specifying your software artifacts, you ensure that only intended code will be signed with your key.
- Define structure and content of your packages
- One-stop signing of nested packages: installers, ZIP archives, executables and libraries, extensions and add-ins
Define who can publish new releases
When a new version of an artifact is built, it is submitted to the signing process and approved.
- Manage users and permissions
- Define who can submit a release
- Define who must approve a release before signing
- Full auditing of activities and artifacts
Integrate with your development process
Seamless integration with your build and release processes.
- Submit code manually or use continuous integration
- Define separate rules and certificates for internal and release builds
- Use notifications and REST APIs
TRY IT NOW - We will guide you through
You don‘t have to become an expert for certificates, cyphers, key-strength, PKI, CRLs, timestamps or anything else that happens under the hood. But we do tell you about it and help you understand the consequences. There are some important choices that you need to make along the way, and we will guide you through them.
BENEFIT FROM BUILT-IN FEATURES
The signing process is performed in a secure and correct way
Your private keys are kept secure
Rest assured that your private keys can never be compromised.
- Create, manage and renew code signing certificates
- Private keys are automatically generated and stored in a FIPS-certified Hardware Security Module (HSM)
- HSM and servers are located in physically secured data centers
- No need to hassle with USB tokens or rely on unsafe certificate storage
Choose from many signing methods
These signing methods are currently supported:
- Authenticode: installers and executable code
- ClickOnce manifests: Smart Clients, Microsoft Office Add-ins
- Open Packaging Convention: Visual Studio extensions
- NuGet packages
- Java archives
- Cryptographically secure SHA-2 signatures
Get instant reputation with EV certificates
Benefit from the extended trust offered to Extended Validation (EV) certificates
- Get instant SmartScreen reputation, no warnings
- SignPath.io guarantees private key EV compliance
- Simple integration with build automation: no USB tokens, no drivers, no password prompts