Insights From an Indie Developer Regarding Code-Signing for Windows

Code signing indicates to an end user where / who an executable binary came from and that it has not been modified along the way. That's what it is, that's what it does, that's what it's for.

Both Apple and Microsoft have built systems on top of this concept to encourage developers to code sign their software. While at a glance these systems seem optional, the unspoken reality is that commercially available software needs to be code signed.

While building my software products I found information available regarding Microsoft Authenticode signing to be sparse. Perhaps I can shed some light, perhaps I'm full of crap — let's find out! Read More…