Navigation: Learn About All Features > Security > Code Signing (Digital Signatures) |
|
Digital signing, also known as code signing, plays a vital role in assuring end users that your publication or ebook has not been tampered with. HTML Executable provides seamless integration for signing your compiled publication .exe files, instilling confidence in your users and protecting the integrity of your work.
Ensuring Authenticity with Digital Signatures
Digital signing utilizes Microsoft Authenticode® technology to establish the authenticity of your publication. When users download your signed publication or HTML application, they are presented with a digital certificate, confirming that the file is genuine and has not been altered. Code signing also helps to minimize false positives from some antivirus software.
For unsigned publications, Windows displays a warning message to caution users:
How to Obtain a Code Signing Certificate
To sign your publication, you need a valid code signing certificate from a trusted certificate authority (CA) such as Sectigo or Verisign.
Steps for Code Signing
HTML Executable simplifies the code signing process with an integrated utility, GSignCode.exe. No third-party software installation is required. Follow these steps to sign your publication:
1)Specify the location of your code signing certificate, either by providing the path to the Personal Information Exchange (PFX) file or selecting the certificate from the Windows Certificate Store.
2)If using a PFX file, enter the associated password for added security.
3)Alternatively, you can specify the certificate's subject name or thumbprint for direct access from the Windows Certificate Store.
Dual Code Signing and Digests
Dual code signing with SHA-256 and SHA-1 digests is recommended for compatibility across different Windows versions. HTML Executable handles dual code signing by default on Windows 8 and later. On Windows 7, SHA-256 is used by default, while earlier versions use SHA-1.
Publication Information URL
Include a URL in your digital certificate to direct users to learn more about your product or company. If not specified, HTML Executable uses the default URL from the Icon / Version page.
Digital Signature Timestamp
A time stamp is added to your ebook or publication, ensuring that the embedded digital signature never expires. Ensure that your system has an Internet connection during the signing process for time-stamping purposes.
Two timestamp servers are used: an Authenticode-compatible server and a RFC-3161-compatible server. You can configure their URLs in the Environment Options.