SecPlusTrainer / Glossary / What is a signing certificate?
D5 · Crypto

What is a signing certificate?

A signing certificate contains a private key used for digital signatures — code signing (software authenticity), email signing (S/MIME), and document signing. Key usage extensions specify permitted uses.
Code signing certificates are high-value targets — compromised signing certificates were used in SolarWinds and Stuxnet attacks. Extended Validation (EV) code signing certificates require organizational vetting and provide more trust.

Related Terms

How does asymmetric key exchange work in TLS? What is a block cipher? What is CBC mode encryption? What is the certificate lifecycle?
← Back to Glossary Practice Questions →