Skip to main content

Signature metadata preferences

These settings provide flexibility and customization options when signing code or files. Depending on your security and verification requirements, you can enable or disable these options as needed to meet your specific needs.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Account > Account settings.

  4. Select the edit icon.

  5. Scroll down to Signature metadata.

  6. You can edit the following account settings related to releases:

    Field

    Description

    All

    Select this checkbox to include all the metadata below when signing.

    Checksum after signature

    Enabling this option generates and stores a checksum (a hash value) of the signed file after the code signing process. The checksum provides a way to verify the integrity of the file after it has been signed.

    Checksum before signature

    Enabling this option generates and stores a checksum before the code signing process. It can serve as a baseline for verifying the file's integrity before it was signed.

    Digest algorithm

    Enabling this option specifies the cryptographic hash algorithm used to create the hash value (checksum) for the file.

    File location

    Enabling this option includes the specific the location or path where the signed file should be saved after the code signing process is completed.

    File name

    Enabling this option allows you to configure the name of the signed file to determines what the signed file will be named once the signing process is done.

    Signing tool

    Enabling this option includes information about the tool or software used for code signing. It may include details about the version of the signing tool, its issuer, or other relevant information.

    Timestamp

    Enabling this option includes a timestamp in the digital signature. The timestamp indicates when the signature was applied to the file. It helps ensure the validity of the signature even if the certificate used for signing expires.

    Timestamp URL

    Enabling timestamping allows you to specify the URL of the timestamping authority or service that provides the timestamp. Timestamps are used to prove that the signature was applied at a particular time, which is important for long-term verification.

    Tip

    DigiCert timestamp URL is: http://timestamp.digicert.com

  7. Select Update settings.