How does a Verisign code signing certificate work?
Code Signing Certificates depend on a digital signature technology, which is issued by an internationally trusted third party called Certificate Authority (CA). A Code Signing Certificate from a trusted Certificate Authority (CA) will identify the software and publisher as trustworthy. For example, VeriSign / Symantec and Thawte utilize digital IDs for application designers. When a programmer applies for a digital ID, it is necessary to provide confirmation of identification.
http://www.dailyhostnews.com/what-is-a-code-signing-certificate-and-how-does-it-work
Code and content signing is based on public key cryptography. A developer or software publisher uses a private key to add a digital signature to code or content. Software platforms and applications use a public key to decrypt the signature during download and compares the hash used to sign the application against the hash of the downloaded application. Signed code from a trusted source may be automatically accepted or a security warning may require the end user to view the signature information and decide whether or not to trust the code.
