A long time ago my employer needed to sign a shrink-wrapped software package using Authenticode. This was my first experience with code signing. Below I summarize what code signing is, why it matters, the 2023 HSM requirements, and practical options for signing in local and CI environments. I have used Azure Key Vault for HSM-backed signing. What is code signing and why use it? A digital signature is an encrypted checksum of a file. It can be verified with the public key to ensure the file was not modified after signing and that the signer controls the corresponding private key. ...