DigiCert Secure App Service (SAS) supports three signing key models as recommended by major software and operating system vendors.
Also known as a single-use model. In this model, SAS generates a new certificate for each signing event. Every signing set has a one-to-one relationship with a unique certificate.
Your keys are never at risk of compromise, as they are used only once. When you revoke a certificate, only one signing set is affected. This is the safest signing key model.
This model is recommended for Java applications.
Also known as on-demand pool model or fixed-certificate pool model. Keys are retained in a pool and assigned a friendly name for easy identification. When you submit an application for signing, you can choose an existing certificate or create a new one.
In this model, you maintain multiple signing certificates for a single signing service.
This model is ideal for Android applications, as the Android platform requires you to use the same certificate for every release of an application.
This model cycles through a pool of certificates instead of using the same one each release. Keys are generated as needed and must be unique across a set number of days (1, 8, or 15). The keys are reused once the number of days is reached.
Microsoft gives higher levels of reputation to applications using this model. This model is required for signing files that are used on Microsoft operating systems (.dll, .exe, etc.).
We use this model for all our Microsoft-based signing services.
Select a key model based upon the signing service platform or your own requirements or policies. For example, the on-demand signing model is often used for Android applications, but it can be used with other signing services as well.
Recommended key models by file type:
All signing models are enabled by default on SAS. When you select a signing service (for example, Authenticode signing), the platform automatically selects the relevant model for you (the pool of rotating keys in this instance). You can modify this setting to align with your needs and to maximize your application security.
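To compare what revoking one certificate costs under each of the three models described above, the following added example (not DigiCert code and not part of SAS) assigns certificates to a constructed signing history and counts the signing sets tied to the most-used certificate. The function names, certificate labels, and the reuse rule for the rotating pool (a key becomes reusable once the configured number of days has passed since its last use) are assumptions based on a reading of the description above.

```python
from collections import Counter
from datetime import date, timedelta


def assign_keys(signing_dates, model, window_days=8):
    """Return one certificate label per signing set, in submission order."""
    if model == "rotating" and window_days not in (1, 8, 15):
        raise ValueError("the page lists windows of 1, 8, or 15 days")
    keys = []
    last_used = {}  # rotating pool only: certificate label -> date of last use
    for i, day in enumerate(signing_dates):
        if model == "single-use":
            key = f"cert-{i}"        # new certificate for every signing event
        elif model == "fixed":
            key = "release-cert"     # same certificate for every release
        elif model == "rotating":
            # Assumed rule: reuse a pooled key only after the window has passed,
            # otherwise generate a new one.
            reusable = [k for k, d in last_used.items()
                        if (day - d).days >= window_days]
            key = reusable[0] if reusable else f"pool-{len(last_used)}"
            last_used[key] = day
        else:
            raise ValueError(f"unknown model: {model}")
        keys.append(key)
    return keys


def revocation_impact(keys):
    """Worst case: signing sets affected by revoking a single certificate."""
    return max(Counter(keys).values())


# Constructed sample: two signing sets per day for 20 days.
SAMPLE = [date(2024, 1, 1) + timedelta(days=d) for d in range(20) for _ in range(2)]

if __name__ == "__main__":
    for model, window in [("single-use", None), ("fixed", None),
                          ("rotating", 1), ("rotating", 8), ("rotating", 15)]:
        keys = assign_keys(SAMPLE, model, window or 8)
        label = model if window is None else f"{model} ({window}-day window)"
        print(f"{label:28} certificates={len(set(keys)):2} "
              f"worst-case revocation impact={revocation_impact(keys)}")
```

On this sample, a longer rotation window means more certificates in the pool and fewer signing sets affected when any one of them is revoked.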