Er Gouzi recently encountered a very strange incident.
On a dark and windy night for a month, the snow-colored LED lights and the changing patterns on the computer screen together reflected a colorful shadow on Ergouzi's face. The high-performance earphones shielded all external noise, leaving Ergouzi the simple and ultimate: "Double Kill! Triple Kill! Quadr Kill!" Ergouzi felt that deafening "Penta Kill" had appeared in his ears.
At this moment, I just listened to the sound of "Hum"! A bright yellow pop-up window suddenly jumped out
Ergouzi couldn't care if there was a five kill for a while, maybe it was a virus attack, and immediately started a computer killing. However, something weird came, no matter how many times Ergouzi checked and killed, how many ways he checked and killed, the source of the virus could not be found at all.
Feeling helpless, Ergouzi contacted an old friend with the mentality of just trying, and then took a picture of Miss Weiwei, the customer service sister of the cloud.
"This pop-up window is because the program does not have a code signing certificate , are you installing any programs?" Weiwei made a careful judgment and answered.
"I only downloaded my own picture storage program? So this program seems to be automatically installed after downloading!" Er Gouzi suddenly realized.
This bright yellow safety reminder is very disturbing. Is there any way to remove it? Ergouzi continued to consult Miss Weiwei.
"It's fine if you have a code signing certificate, let me tell you more about it." Weiwei replied patiently.
Code signing certificate
Code Signing Certificates are a secure digital certificate for digital verification and protection established for program code and content. It is a solution used to identify the source of software or code and the true identity of the software developer.
It allows software developers to digitally sign the software code to indicate the real identity of the developer. With the code signing certificate program, during installation, the corresponding developer name will be displayed, which is convenient for users to judge the installation. If the code signing certificate is not used, a yellow prompt box will appear like the Ergouzi above.
In addition, the use of code signing certificates has the following advantages:
- establishes a trusted identity: The digital certificate binds the identity of an individual or entity to the public key corresponding to the private key. The use of private and public key systems is called Public Key Infrastructure (PKI). The developer signs the code with his private key, and the end user uses the developer's public key to verify the developer's identity.
- Prevent malicious tampering: The code signature proves that the signed software is legal, comes from a known software vendor, and the code has not been tampered with since its release. Code signing prevents users from abandoning the installation of the application due to security warning messages, malicious changes to legal code, and the identity of the supplier author being stolen.
- eliminates security warning: eliminates "unknown publisher" security warning
- makes the software trustworthy: The certificate to indicate the software's trustworthy identity.
- Improve brand image
If you have a code signing certificate, Ergouzi will not be surprised by the yellow sign, and maybe you can type and blow after the five kills!
Weiwei also told Ergouzi that more and more software releases and platforms are beginning to require software security verification. For example, the Windows currently used by Ergouzi requires software developers to digitally sign software with a code signing certificate that can be applied to Microsoft systems.
How can I have a code signing certificate?
How to apply for a certificate
Code signing certificates are generally issued by a third-party certification authority (CA) after verifying the identity of the developer. They are divided into two types: Standard Edition and EV Professional Edition. They have different prices according to different brands and types. Software developers can Choose to buy according to your needs.
But generally speaking, recommends that you apply for DigiCert EV code signing certificate , because it not only has all the functions of a common kernel code signing certificate, but also uses more stringent extended verification. The strict certificate private key protection mechanism can effectively prevent the certificate from being illegal. Misappropriation. At the same time, DigiCert EV code signing certificate is also a certificate designated by Microsoft for kernel code signing.
At present, has cooperated with TrustAsia, the top international CA organization, to provide software developers and distributors with applications for Microsoft EV code signing certificates and standard version code signing certificates under DigiCert.
Recommended reading
Programmer's career planning and growth under the open source wave
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。