F-Secure code signing

Digital Code Signing

F-Secure digitally signs installer packages and binary files with code signing certificates obtained from trusted certification authorities. This is one way to assure anyone downloading and installing F-Secure products that the downloaded package was prepared by and comes from F-Secure Corporation and has not been altered. The Microsoft Windows and Apple OS X operating systems check the digital signatures automatically when you start a software installation, but you can also check the signatures manually. Below is some basic information about the certificates we use for Windows and OS X code signing, along with pointers to the tools that can be used to show information about the signatures.

Windows code signing

Standard Authenticode certificate

  • Common name: F-Secure Corporation
  • Organization: F-Secure Corporation
  • SHA1 fingerprint: 35 D8 A1 37 2C A4 02 B0 C8 A4 39 BB 8A 31 1F 29 39 99 E8 AB
  • SHA256 fingerprint: AD 5F D7 86 36 44 26 C8 37 93 D5 48 EB B5 1F 47 93 EB 09 D4 A7 42 9A 87 59 E1 63 40 C1 D6 BE 80
  • Issued by: GlobalSign CodeSigning CA - G2 issued by GlobalSign Root CA

Extended Validation Authenticode certificate

Issuing an Extended Validation certificate requires extensive verification of the certificate requester's identity, and the subject field of the certificate reflects this.

  • Common name: F-Secure Corporation
  • Organization: F-Secure Corporation
  • SHA1 fingerprint: 5F 82 67 96 43 A4 07 97 F9 14 92 46 24 F2 67 62 4B 98 BD F5
  • SHA256 fingerprint: EF AD 46 D3 E1 5B D7 30 35 B7 DF 17 9F 3A 9D 1B E2 D2 4C E5 3B 4E 36 C7 FB 45 02 65 AD 46 2C D4
  • Issued by: DigiCert EV Code Signing CA (SHA2) issued by DigiCert High Assurance EV Root CA

Use Windows Explorer to view the "Digital Signatures" tab in the file properties.

To manually check the signature of an installer package, run

signtool.exe verify /pa /v [filename]

from the command line. The Signtool utility is available as part of the Microsoft Windows SDK.

To check the SHA256 fingerprint of a certificate, first export the certificate from the file in Windows Explorer using Copy to File... in the Certificate properties. Then run

openssl.exe x509 -in [certificate_file] -inform der -noout -fingerprint -sha256

to get the fingerprint.

Files signed with either of these certificates have also been time stamped with GlobalSign or DigiCert certificates respectively.

macOS code signing

Installer certificate

  • Common name: Developer ID Installer: F-Secure Corporation
  • Organization: F-Secure Corporation
  • Organizational Unit: 6KALSAFZJC
  • SHA1 fingerprint: 6B 8A 26 62 64 D1 B4 5A 49 03 C2 69 3E 59 6D A0 63 80 74 C0
  • SHA256 fingerprint: 46 61 84 AF DC C7 2F 07 98 24 BD 25 57 FB DF FA F9 92 A1 48 98 A6 92 3C 5D E3 B0 CD 01 64 7B AF
  • Issued by: Developer ID Certification Authority issued by Apple Root CA

Application certificate

  • Common name: Developer ID Application: F-Secure Corporation
  • Organization: F-Secure Corporation
  • Organizational Unit: 6KALSAFZJC
  • SHA1 fingerprint: D7 34 B1 F3 C0 BC 79 95 95 6A FD DD A3 78 1C CF FA 85 E0 8B
  • SHA256 fingerprint: 54 DE 5B 6F 35 6E 8A 1A D2 53 90 4C 81 41 8E 77 B0 F2 32 9C FB E3 4E ED 75 4E 84 CE 2D 57 9E 41
  • Issued by: Developer ID Certification Authority issued by Apple Root CA

New certificates from August 2017 onwards:

Installer certificate

  • Common name: Developer ID Installer: F-Secure Corporation (6KALSAFZJC)
  • Organization: F-Secure Corporation
  • Organizational Unit: 6KALSAFZJC
  • SHA1 fingerprint: 62 9C C0 72 D5 2C 43 1A C4 B8 35 7E 81 88 D5 8C 9F F4 D9 77
  • SHA256 fingerprint: A8 B5 DE F6 0F 91 50 5B 53 29 C4 81 C9 5C A3 DB 05 73 4B D5 41 39 0B 50 11 EB 65 5D 78 0E 93 6E
  • Issued by: Developer ID Certification Authority issued by Apple Root CA

Application certificate

  • Common name: Developer ID Application: F-Secure Corporation (6KALSAFZJC)
  • Organization: F-Secure Corporation
  • Organizational Unit: 6KALSAFZJC
  • SHA1 fingerprint: 90 EC CA 60 74 05 51 19 99 1D 27 B9 A3 A1 2E 84 6D 3C 9A 78
  • SHA256 fingerprint: B5 73 52 D7 2A 92 E9 86 62 29 DF 5B 94 8F 98 D1 19 64 78 AF 57 FA 82 BD 58 85 44 52 5E 72 F3 56
  • Issued by: Developer ID Certification Authority issued by Apple Root CA

Open the installer package in Finder and click the lock icon in the upper right corner of the installer window to view the certificate information.

To manually check the signature of an installer package, run

pkgutil --check-signature [filename]

from the command line. This command also works for mounted application bundles. The organizational unit can also be viewed with the command

codesign --display --verbose=3 [application]

which reports it as the TeamIdentifier value along with a time stamp. The pkgutil and codesign utilities are part of a standard OS X installation.

To check the SHA256 fingerprint of a certificate, first mount the disk image (.dmg) and then export the certificate from the application using the command

codesign --display --extract-certificates /Volumes/[mount]/[application.app]

Then run

openssl x509 -in codesign0 -inform der -noout -fingerprint -sha256

to get the fingerprint.
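An added example (not F-Secure's own tooling) that serves both fingerprint checks above, Windows and macOS: it takes the line openssl prints, strips the colon separators so it can be compared with the space-separated values published on this page, and reports which published SHA256 fingerprint it matches. The function names and labels are assumptions made for this example; the fingerprint values are copied from this page.

```sh
#!/bin/sh
# Added example, not F-Secure tooling. Function names and labels are
# assumptions; the SHA256 fingerprints are copied from this page.
PUBLISHED='Windows Standard Authenticode|AD 5F D7 86 36 44 26 C8 37 93 D5 48 EB B5 1F 47 93 EB 09 D4 A7 42 9A 87 59 E1 63 40 C1 D6 BE 80
Windows Extended Validation Authenticode|EF AD 46 D3 E1 5B D7 30 35 B7 DF 17 9F 3A 9D 1B E2 D2 4C E5 3B 4E 36 C7 FB 45 02 65 AD 46 2C D4
macOS Installer|46 61 84 AF DC C7 2F 07 98 24 BD 25 57 FB DF FA F9 92 A1 48 98 A6 92 3C 5D E3 B0 CD 01 64 7B AF
macOS Application|54 DE 5B 6F 35 6E 8A 1A D2 53 90 4C 81 41 8E 77 B0 F2 32 9C FB E3 4E ED 75 4E 84 CE 2D 57 9E 41
macOS Installer (August 2017 onwards)|A8 B5 DE F6 0F 91 50 5B 53 29 C4 81 C9 5C A3 DB 05 73 4B D5 41 39 0B 50 11 EB 65 5D 78 0E 93 6E
macOS Application (August 2017 onwards)|B5 73 52 D7 2A 92 E9 86 62 29 DF 5B 94 8F 98 D1 19 64 78 AF 57 FA 82 BD 58 85 44 52 5E 72 F3 56'

# Drop any "SHA256 Fingerprint=" prefix, separators and letter case so the
# openssl form (AA:BB:..) and the published form (AA BB ..) compare equal.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ' :\r\n' | tr 'abcdef' 'ABCDEF'
}

# match_fingerprint "<output of openssl x509 -fingerprint -sha256>"
# Prints the label of the matching published certificate and returns 0.
# Returns 1 for a well-formed but unknown fingerprint, 2 for malformed input.
match_fingerprint() {
    got=$(normalize_fp "$1")
    # SHA256 is 64 hex digits; this rejects a SHA1 value pasted by mistake.
    case "$got" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#got}" -eq 64 ] || return 2
    while IFS='|' read -r label fp; do
        if [ "$(normalize_fp "$fp")" = "$got" ]; then
            printf '%s\n' "$label"
            return 0
        fi
    done <<EOF
$PUBLISHED
EOF
    return 1
}

# check_cert <exported DER certificate, for example codesign0>
check_cert() {
    line=$(openssl x509 -in "$1" -inform der -noout -fingerprint -sha256) || return 2
    match_fingerprint "$line"
}
```

A match only identifies which certificate was exported; whether the signature itself is valid is still decided by signtool, pkgutil or codesign as described above.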

About other signatures

Certain components in our solutions are licensed from our technology partners, and a small number of files are signed by these partners.
