SignPath

Free Code Signing for Open Source software

No more installation warnings. SignPath Foundation provides you with a code signing certificate that provides a clear link between your repository and the published binary.

Apply

The open source community trusts SignPath Foundation

  • stellarium
  • image/svg+xml
  • Layer 1 Lite DB
  • Flameshot
  • image/svg+xml GITEXTENSIONS GitExtensions GITEXTENSIONS Git Extensions

View all projects  

The Challenge

Getting a code signing certificate for your OSS project is difficult:

  • You have to go through a cumbersome process with a certificate authority to verify your identity or find an organization that vouches for you.
  • The certificate is issued to you personally and not to your project.
  • Your users have no means of verifying that the software they install was built from the OSS repository.
  • The private key you receive is on a USB token, impossible to plug into your cloud-based build processes.
  • You have to pay fees for every certificate issuance or re-issuance.

The Solution

  • SignPath Foundation provides you with a code signing certificate.
  • No need for personal identification, we verify that the binary was built from your open source repository and vouch for that with our name.
  • By using SignPath.io for code signing, the private key of your certificate is securely generated and stored on our Hardware Security Module (HSM).
  • Integration in your automated build process is simple.
  • For OSS projects, our services are free of charge.