Code Signing

Code signing is a security technology that you use to certify that an app was created by you.

On macOS the system can detect any change to the app, whether the change is introduced accidentally or by malicious code.

On Windows the system assigns a trust level to your code signing certificate which if you don't have, or if your trust level is low will cause security dialogs to appear when users start using your application. Trust level builds over time so it's better to start code signing as early as possible.

While it is possible to distribute unsigned apps, it is not recommended. For example, here's what macOS users see when attempting to start an unsigned app:

unsigned app warning on macOS

App can't be opened because it is from an unidentified developer

If you are building an Electron app that you intend to package and distribute, it should be code signed. The Mac and Windows app stores do not allow unsigned apps.

Signing macOS builds

Before signing macOS builds, you must do the following:

  1. Enroll in the Apple Developer Program (requires an annual fee)
  2. Download and install Xcode
  3. Generate, download, and install signing certificates

There are a number of tools for signing your packaged app:

For more info, see the Mac App Store Submission Guide.

Signing Windows builds

Before signing Windows builds, you must do the following:

  1. Get a Windows Authenticode code signing certificate
  2. Install Visual Studio 2015/2017 (to get the signing utility)

You can get a code signing certificate from a lot of resellers, popular ones include:

  • digicert
  • Comodo
  • GoDaddy
  • Amongst others, please shop around to find one that suits your needs, Google is your friend :)

There are a number of tools for signing your packaged app:

Windows Store

See the Windows Store Guide.

© 2013–2018 GitHub Inc.
Licensed under the MIT license.