Home » Software Security Blog » Digitally Sign your Adobe Air based Applications with Adobe Air Code Signing 
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

If you’re the organization or web developer who develops Adobe Air based applications, it’s important to sign your applications before publishing to avoid warning messages such as Unknown Publisher.
For Example: Unsigned Application

unsigned publisher

Unsigned

For signing applications, Adobe Code Signing Certificates are provided by globally known Certificate Authorities, which helps users to figure out that the application they have downloaded has come from a trusted source and that it’s not tampered with since it was signed. Hence, no warning message is displayed, which helps to build a reputation as well.

For Example: Code Signing

verified publisher

Code Signing – Verified

Here, at CodeSigningStore.com, Adobe Code Signing Certificates are provided by globally known Certificate Authorities such as Thawte, which also helps you to sign different types of Adobe Air Applications such as Flex SDK, Flex Builder & Dreamweaver.

How Adobe Code Signing Works

A digital signature is installed in the file whenever an AIR file or application is signed. This signature includes a digest package which helps to verify that the AIR file is genuine and not altered since its signing. It also consists of the signing certificate information, which allows for verifying the publisher identity.

To establish trust with the operating system’s certificate store, Adobe AIR uses PKI (Public Key Infrastructure). So, for the verification of the public information, the installed AIR application must directly trust the certificate that was used to sign an AIR application or else it must trust a certificate’s chain, which links the certificate with a trusted Certificate Authority. Lastly, if it fails to chain with trusted root certificates such as the case with self-signed certificates, then the publisher information will not be verified.

Time Stamping Adobe Air Applications

Time stamping in Adobe Air applications is important like with any other applications. If you fail to Time-stamp, users will get a warning once the Code Signing Certificate that was used to sign an Adobe Air Application expires.

Supported Formats:

All the keystores that can be accessed through the JCA (Java Cryptography Architecture), are accepted by AIR signing tools, which includes file-based keystores like PKCS12 file format (.pfx or .p12 file extension), PKCS11 hardware & system keystores. Apart from that, the Adobe AIR Developer Tool (ADT) can access depending upon the configuration & version of the JRE used while running ADT. However, all the branded Code Signing Certificates such as Comodo, Sectigo, Symantec and Thawte support AIR file signing.

Features of Using Adobe Code Signing Certificate

  • Digitally sign .air or .airi files.
  • Helps in showing Code Validation & Software Identity.
  • Helps you pass through prerequisite online security aspect which is required by all the AIR-based applications.
  • Ensures software modification is not possible.
  • Brand protection.