Free Code Signing for Open Source software
No more installation warnings. SignPath Foundation provides you with a code signing certificate that provides a clear link between your repository and the published binary.
The Challenge
Getting a code signing certificate for your OSS project is difficult:
- You have to go through a cumbersome process with a certificate authority to verify your identity or find an organization that vouches for you.
- The certificate is issued to you personally and not to your project.
- Your users have no means of verifying that the software they install was built from the OSS repository.
- The private key you receive is on a USB token, impossible to plug into your cloud-based build processes.
- You have to pay fees for every certificate issuance or re-issuance.
The Solution
- SignPath Foundation provides you with a code signing certificate.
- No need for personal identification, we verify that the binary was built from your open source repository and vouch for that with our name.
- By using SignPath.io for code signing, the private key of your certificate is securely generated and stored on our Hardware Security Module (HSM).
- Integration in your automated build process is simple.
- For OSS projects, our services are free of charge.