
IronWrap Signing


When you IronWrap your application, you can choose to digitally sign the re-linked binary (code signing). Code signing is the process of digitally signing executables (and other binaries) to confirm the software author and to guarantee, by use of a checksum, that the code has not been altered or corrupted since it was signed. On its own, the digital signature only shows (by manual inspection of the certificate) whether or not the signature matches the binary (i.e., whether the binary has been tampered with).

Digital Signature Validation Protection

When you use a digital signature on your IronWrapped application, you also have the option of enabling the IronWrap Digital Signature Validation Protection feature. When it is selected, the IronWrap system performs a special check at run-time: it validates the digital signature stored in the binary against the actual binary file. It further ensures that the credentials used when you linked the application are exactly the same as those used for the current signature. This last check ensures that the binary was not re-signed by an attacker with their own code signing certificate after tampering with the file. If any of these checks fails, the host will simply refuse to run.
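The two run-time checks described above, as an added example (not SoftwareShield's code): a toy textbook-RSA model showing why a validity check alone accepts a re-signed binary while the signer comparison rejects it. The function names, the constructed keys and the dict standing in for a signed binary are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy textbook-RSA key (n, d) from two primes. Illustration only."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def fingerprint(n):
    """Signer identity: hash of the public key (stands in for a certificate thumbprint)."""
    return hashlib.sha256(f"{n}:{E}".encode()).hexdigest()

def sign(data, key):
    n, d = key
    # The "signed binary": contents plus embedded signature and signer public key.
    return {"data": data, "sig": pow(digest(data, n), d, n), "signer_n": n}

def signature_valid(binary):
    """Check 1: the embedded signature matches the actual file contents."""
    n = binary["signer_n"]
    return pow(binary["sig"], E, n) == digest(binary["data"], n)

def may_run(binary, pinned_fingerprint):
    """Check 1 plus check 2: the signer must be the one recorded at link time."""
    if not signature_valid(binary):
        return False, "signature does not match binary"
    if fingerprint(binary["signer_n"]) != pinned_fingerprint:
        return False, "signed with different credentials"
    return True, "ok"

# Constructed keys built from Mersenne primes; far too small for real use.
VENDOR = make_key(2**61 - 1, 2**89 - 1)
OTHER = make_key(2**107 - 1, 2**127 - 1)
PINNED = fingerprint(VENDOR[0])  # recorded when the vendor links the application

original = sign(b"app code v1", VENDOR)
tampered = dict(original, data=b"app code v1 + patch")  # modified, old signature kept
resigned = sign(b"app code v1 + patch", OTHER)          # modified, then re-signed

if __name__ == "__main__":
    for name, b in [("original", original), ("tampered", tampered), ("resigned", resigned)]:
        print(name, signature_valid(b), may_run(b, PINNED))
```

The `resigned` case is the one the last check exists for: its signature is valid for the modified contents, so only the comparison against the link-time signer stops it from running.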

There are numerous Certification Authorities (CAs) that provide code signing certificates (such as Verisign, Comodo, and more). Obtaining a code signing certificate is fast, easy, and inexpensive, and it adds another layer of security to your protected application.

More Information

For more information on code signing your IronWrapped product or using Digital Signature Validation Protection, see: IronWrap Signing Tab
