Code signing is the cryptographic process of digitally signing executables, scripts, and software artifacts to confirm the software author's identity and guarantee that the code has not been altered or corrupted since it was signed. It relies on public key infrastructure (PKI) , where a developer uses a private key to generate a unique signature, and end-users verify it with the corresponding public key.
Glossary
Code Signing

What is Code Signing?
Code signing is a cryptographic process that applies a digital signature to executables and scripts, verifying the publisher's identity and ensuring the code hasn't been tampered with since signing.
This mechanism is a foundational control in AI supply chain security, ensuring that model artifacts, inference servers, and agentic tooling have not been compromised by a supply chain attack. By validating a signature against a trusted certificate authority, a system can enforce binary authorization policies, blocking the execution of unsigned or tampered code in production environments.
Key Properties of Code Signing
Code signing establishes a digital chain of trust by binding a software artifact to its publisher through public key cryptography. These core properties ensure executables and scripts remain unaltered from build to execution.
Authentication of Origin
Code signing cryptographically binds the identity of the publisher to the software artifact. A digital certificate issued by a trusted Certificate Authority (CA) validates the author's organizational identity.
- Uses X.509 certificates to link a public key to a verified entity
- Extended Validation (EV) certificates require rigorous vetting and enable SmartScreen reputation acceleration
- Prevents attackers from distributing malware under the guise of a trusted software vendor
Integrity Verification
A cryptographic hash digest of the code is generated and encrypted with the publisher's private key. Any modification to the executable—even a single bit—invalidates the signature.
- Common algorithms: SHA-256, SHA-384, SHA-512
- The operating system recalculates the hash at runtime and compares it against the decrypted signature value
- Detects tampering, corruption, or man-in-the-middle alterations during distribution
Non-Repudiation
Once a software artifact is signed with a private key, the publisher cannot plausibly deny having produced that artifact. The signature serves as a legally admissible forensic artifact.
- Private keys must remain under exclusive control of the signing entity
- Hardware Security Modules (HSMs) enforce single-use access policies
- Provides an auditable trail for compliance frameworks like FedRAMP and SOC 2
Timestamping
A trusted timestamp authority (TSA) countersigns the signature with a verifiable time token. This proves the code was signed while the certificate was still valid.
- Enables long-term validation even after the original certificate expires
- Compliant with RFC 3161 standards for cryptographic timestamps
- Critical for archival software and regulated industries requiring multi-year signature verifiability
Trust Chain Validation
The operating system validates the signature by traversing a hierarchical chain of trust from the signing certificate up to a trusted root CA embedded in the system's trust store.
- Intermediate CAs bridge the end-entity certificate to the root
- Revocation checks via CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol)
- A broken chain—expired, revoked, or untrusted—triggers security warnings like Windows SmartScreen or macOS Gatekeeper
Dual-Signature Support
Modern signing tools support embedding multiple signatures in a single artifact, enabling backward compatibility with legacy systems while maintaining modern cryptographic strength.
- Example: Signing with both SHA-1 (for Windows 7) and SHA-256 (for Windows 10+)
- Facilitates gradual deprecation of weaker algorithms without breaking older clients
- Tools like SignTool and osslsigncode natively support dual-signing workflows
Frequently Asked Questions
Clear, technically precise answers to the most common questions about the cryptographic signing of software artifacts, digital certificates, and supply chain integrity verification.
Code signing is the cryptographic process of digitally signing executables, scripts, and software packages to confirm the software author's identity and guarantee that the code has not been altered or corrupted since it was signed. The process works by generating a one-way cryptographic hash of the software artifact. This hash is then encrypted with the developer's private key, creating a digital signature. The signature is bundled with the software. When a user or operating system receives the software, it uses the developer's publicly available public key (distributed via a digital certificate issued by a trusted Certificate Authority) to decrypt the hash and compare it against a freshly computed hash of the received artifact. If the hashes match, the signature is valid, proving both the author's identity (authenticity) and that the code has not been tampered with (integrity). This process relies on public-key cryptography, typically using algorithms like RSA or ECDSA.
Code Signing in Practice
The operational mechanisms and trust architectures that transform a digital signature from a mathematical concept into a verifiable, tamper-proof guarantee of software authorship and integrity.
The Digital Signature Algorithm
Code signing relies on asymmetric public-key cryptography. A developer generates a private key (kept secret) and a public key (widely distributed). The signing tool creates a unique cryptographic hash of the code, which is then encrypted with the private key to form the digital signature. The end-user's system decrypts this signature using the public key and compares the resulting hash against a freshly computed hash of the downloaded code.
- Hash Function: Typically SHA-256 or SHA-384, producing a fixed-size digest of the executable.
- Signature Creation: The hash is encrypted with the signer's private key.
- Verification: The client decrypts with the public key and validates the hash match.
- Result: A mismatch indicates even a single-bit alteration or corruption since signing.
Public Key Infrastructure (PKI) Trust Chain
A raw public key is meaningless without a mechanism to bind it to a verified identity. Code signing uses a hierarchical Public Key Infrastructure (PKI). A Certificate Authority (CA) vouches for the developer's identity by issuing an X.509 code signing certificate. This certificate chains up to a trusted root CA certificate pre-installed in operating systems and browsers.
- Root CA: The ultimate trust anchor (e.g., DigiCert, Sectigo).
- Intermediate CA: Issues end-entity certificates, insulating the root.
- Code Signing Certificate: Binds the developer's verified identity to their public key.
- Extended Validation (EV): Requires rigorous identity vetting and stores keys on a physical hardware token (FIPS 140-2 Level 2).
Timestamping for Long-Term Validity
Digital certificates have a finite validity period. To prevent signatures from becoming invalid when a certificate expires, code signing incorporates trusted timestamping. At the moment of signing, a hash of the code is sent to a Time Stamping Authority (TSA) , which countersigns it with a trusted timestamp token.
- Purpose: Proves the code was signed while the certificate was valid.
- Mechanism: The TSA's signature freezes the state of the signature at a specific point in time.
- Longevity: Allows the signature to be verified years later, even after the original certificate has expired or been revoked.
- RFC 3161: The standard protocol governing trusted timestamping.
Hardware Security Modules (HSM) & Key Protection
The private key is the crown jewel of the code signing process. Its compromise allows an attacker to sign malware as if they were the legitimate publisher. Hardware Security Modules (HSMs) provide a tamper-resistant environment for key generation and storage, ensuring the private key can never be exported in plaintext.
- FIPS 140-2 Level 3: The standard for physical and logical key protection.
- Key Ceremony: A multi-person, audited process for initializing and backing up HSM keys.
- Signing as a Service: Cloud HSMs (e.g., AWS CloudHSM, Azure Dedicated HSM) allow CI/CD pipelines to request signatures without direct key access.
- Result: Even if a build server is breached, the attacker cannot extract the signing key.
Platform Verification: Gatekeeper & Authenticode
Operating systems enforce code signing policies at runtime. Apple Gatekeeper on macOS blocks unsigned applications by default, requiring notarization for software distributed outside the App Store. Microsoft Authenticode on Windows validates signatures against the WinTrust API, displaying publisher information in User Account Control (UAC) prompts.
- Apple Notarization: An automated service that scans signed software for malicious content and issues a ticket stapled to the app.
- Microsoft SmartScreen: Builds reputation for signed binaries; EV-signed code gains reputation faster.
- Linux Integrity Measurement Architecture (IMA): Extends the verified boot concept to userspace, appraising file signatures against a custom policy.
- Android APK Signature Scheme v4: Enables streaming-aware, fs-verity compatible integrity protection.
CI/CD Integration & Sigstore Keyless Signing
Modern DevSecOps pipelines automate code signing as a critical stage. The Sigstore project introduces keyless signing using OpenID Connect (OIDC). Instead of managing long-lived private keys, a short-lived ephemeral key pair is generated, the public key is bound to an OIDC identity (e.g., a GitHub Actions workflow), and the event is recorded in a public transparency log (Rekor).
- Cosign: The CLI tool for signing containers and blobs with Sigstore.
- Fulcio: The root CA issuing short-lived certificates based on verified OIDC tokens.
- Rekor: An immutable, append-only transparency log that makes signing events auditable.
- Benefit: Eliminates the key management burden while providing a verifiable chain of custody.
Code Signing vs. Related Concepts
A comparison of cryptographic and policy-based mechanisms used to verify artifact integrity and provenance across the software supply chain.
| Feature | Code Signing | SLSA Framework | Binary Authorization |
|---|---|---|---|
Primary Objective | Verify author identity and artifact integrity | Prevent tampering across the entire build pipeline | Enforce deploy-time policy based on attestations |
Cryptographic Signature | |||
Prevents Tampering in Transit | |||
Prevents Tampering During Build | |||
Enforces Deployment Policy | |||
Key Management Model | Long-lived private keys or OIDC-based ephemeral keys | Defined roles with separate signing keys per step | Trusted authority keys validated at admission |
Typical Implementation | Sigstore/Cosign, Authenticode, GPG | In-toto attestations, reproducible builds | OPA/Gatekeeper with signature verification |
Scope of Assurance | Single artifact at a point in time | End-to-end pipeline provenance | Runtime admission control |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Code signing is a foundational element of a broader software supply chain security posture. These related concepts form the ecosystem that verifies artifact authenticity and prevents tampering.
Software Bill of Materials (SBOM)
A formal, machine-readable inventory of all components, libraries, and dependencies that constitute a software artifact. An SBOM provides the nested dependency graph that code signing alone cannot reveal.
- Enables precise vulnerability mapping to specific components
- Formats include SPDX and CycloneDX
- Required by U.S. Executive Order 14028 for federal vendors
Binary Authorization
A deploy-time security control that enforces strict policy checks before a container image or artifact can execute in production. It acts as the enforcement gate that validates code signatures.
- Requires valid cryptographic signature from a trusted authority
- Integrates with Kubernetes admission controllers
- Prevents deployment of unsigned or unauthorized images even if an attacker gains registry access
Transparency Log
An append-only, cryptographically verifiable public ledger that records digital signing events. This makes certificate issuance auditable and detectable if compromised.
- Built on Merkle tree data structures for efficient verification
- Enables monitoring for unauthorized certificate issuance
- A core component of Certificate Transparency and Sigstore's Rekor

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us