Creating and using a code signing certificate for Windows application development
I recently developed a couple of plugins for Microsoft IE and Firefox/Mozilla Browsers. People these days (myself included) are getting more and more paranoid about software running on their machines. I want to know that any code running on my machine has not been tampered with in any way. In the case of Microsoft IE, it loudly complains if you try to load a plugin that is not digitally signed. We are only going to see more and more use of signed apps now that Microsoft is making it a requirement for 64 bit drivers in Windows 7.
In my travels I’ve gathered a fair amount of information about public key cryptography, document and code signing and specifically (and more usefully) how this is performed for Windows development. I’ll give a brief (for dummies style) intro to signing and a walk through of how to buy and sign code from start to finish. (at least as far as it worked for me) Its my hope that this might be the only article a developer needs to read if they want to produce a signed executable for Windows.