Timestamping can permanently preserve the code signing certificate. Using a timestamping server, the software gets the current date impressed upon it as it is downloaded.
Dates are an important part of documentation, whether on paper or online. If you’re looking at your bills, you should be aware of when it was sent and when the money is due. The electric company, your creditors, and the IRS all include date references in their correspondence. Some things come with deadlines, and others – like lottery tickets – actually expire.
Dates are important with software too. Digital certificates expire after a set period, and that can cause serious problems for your organization – especially if a software developer neglected to timestamp the certificate.
Code Signing Certificates Expire
Digitally signing software code is a way to ensure that what the user receives has come from a valid source and has not been tampered with. But when developers purchase code signing certificate from a Certificate Authority, the life of the certificate is usually limited to 1-3 years.
Suppose you buy a piece of software in November of a given year. Things get busy – what with the holidays and all – and your expensive software package sits idly in a folder on your computer, waiting to be installed. When you finally get around to installing it in January, you become extremely frustrated when you find out that the digital signature accompanying your software has expired. That’s one way for a developer to be sure to have unhappy customers.
Timestamping Keeps The Date
It may seem like an extra and unnecessary step, but it’s one that coders should always include in the software development process. Timestamping can permanently preserve the code signing certificate. Here’s the way it works.
Using a recognized timestamping server, such as those offered by Comodo, Digicert, or Sectigo, the timestamped software gets the current date impressed upon it as it is downloaded. This timestamp stays with the software indefinitely. And if the digital certificate was valid on the date of the download, the user will be permitted to install the software at any time down the road. Otherwise, the software looks to the date and time of the user’s PC upon installation – and that’s where the expiration error come in.
Valid Executables
Computer workstations and servers are meant to be cautious when it comes to downloading and installing software. That’s why the practice of validating software with code signing certificates began. But a confirmation of the source and integrity of the software download is not enough. It must also be valid as to time.
Code signing certificates expire for many reasons. For one thing, it keeps everything fresh. A software package that is four or five years old may have been created and signed by coders or companies that no longer exist. At least if your software is timestamped, then there is verification that the software was valid and in circulation at the time of download.
Best Options to Get Trusted Code Signing Certificate
You should choose code singing certificate from trusted certificate authority who are permitting you to timestamp your signed code.
Certificate Name | Type | Price |
---|---|---|
Comodo Code Signing Certificate | OV | $226.10/yr |
DigiCert Code Signing Certificate | OV | $380.00/yr |
Comodo EV Code Signing Certificate | EV | $296.65/yr |
Conclusion
There are other use cases for the timestamping of digital certificates. Stock trades, for instance, make use of the practice because of the sensitivity of the financial transactions. Online legal documents and transactions also benefit from associated timestamping. Timestamping a digital certificate is part of the best practices that every coder should use in their daily development and distribution of software applications.
Related Articles:
- What is Code Signing Certificate?
- EV Code Signing vs. Regular Code Signing
- Free Code Signing Certificate – Where Can I Get It?
- Code Signing Certificate vs. SSL Certificate
- The Detailed Guide to Code Signing Certificate Best Practices
- Code Signing Certificate – Upgrade Security with 3072-bit Key Length