Jersey City, New Jersey (PressExposure) November 18, 2009 -- Buying or borrowing software on the Internet carries risks, both for the developer and for the person who plans to use it. End users who install malicious software in their computers may lose their purchase price. Worse, they may risk damaging their computers. Developers risk that someone may intercept their software file and alter it, adding deleterious code. Such alterations could damage their professional reputations.
Developers who sell or exchange software can protect their code and their reputations by using code-signing certificates. Code-signing certificates create X.509 data files called âsignaturesâ that developers can attach to their software files. The signature disappears from the software if anyone (including the developer) alters the code.
The digital signature functions as tamper-proof packaging for intangible files exchanged on the Internet; absence of packaging signals a quality problem.
Code-signing certificates protect end users who purchase software from unfamiliar developers, or who download it from open sources. Major browsers now check for code-signing certificates when Internet users download software; if the software is unsigned, the browser shows the Internet user a warning message.
By the same token, code-signing certificates protect developers. Software that appears to come from an honest developer might have been altered to delete important files once installed, or to cause similar problems. The digital signature verifies that the file does, indeed, come unaltered from the developer, and that it has not been changed.
Code-signing certificates can be especially useful for open-source developers, posting their software on bulletin boards for anyone to use or modify. Such developers build reputations based on the quality of their software; their digital signatures prove that the posted software is truly theirs.
Code-signing certificates are available for terms of one to three years, and may be used to sign as many files as a developer can produce during that span.
For more information about code-signing certificates, visit http://www.instantssl.com/code-signing/code-signing.html