What is a Code-Signing Cert?

Code signing is a convenient way to authenticate the person who has written some code (for example, Java code in a .jar file).

A code-signing cert carries the special attribute needed for Microsoft, Sun and Mozilla software to accept it as a code-signing certificate.

Either way, it only works properly if the root cert is trusted *and* you agree to execute the code!

Joke part: at least you will know the name of the person just before you let him/her erase all your hard disk content ;)

What do I need to get a code-signing cert?

For code signing you need to have at least 100 points, and CAcert has to have a (scanned) copy of your photo ID. Then you have to send an email to support #at# cacert.org asking to activate Code-Signing for your account.

Include the scanned image, even if you already filed such images via the TTP process.

How long will it take to get the Cert?

Be patient. One user sent in a letter on 25 Apr 2005, and a reminder 29 May 2005. A response came 19 July 2005.

How can I use my Code-signing Cert?

The code-signing privilege can be added to new email certificates you obtain from the CAcert website. Once you are approved, when you log in to the CAcert website and choose to obtain a new personal certificate, you will have the option to include the code-signing privilege.

Linux

Signing Firefox XPI Files

To use the CAcert certificate to sign the XPI, you:

  1. After installing the code-signing cert in your browser, and after you've created and installed the NSS utility binaries as outlined in Pete's instructions above, find all the "key3.db" files in your home directory:
       find ~ -name key3.db

  2. Then, for each directory that contains a key3.db file, list the certs contained there and find your new code-signing cert (it will be marked with an "*" in the first column), using the command:
       signtool -L -d <dir containing key3.db file>

  3. Having found the correct directory, the entry might look like this:
       * Joe Normal's Root CA ID

  4. Following the XPI signing instructions above, explode the unsigned XPI file into a directory and issue the command:
       signtool -d <the key3.db dir> -k "Joe Normal's Root CA ID" -p <the-magic-password> <xploded-XPI-dir>

  5. If all goes well, continue following the directions, zip up the signed XPI file, and you are done!
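The five steps above, wrapped into a small POSIX shell script as an added example; this is not code from the CAcert wiki or from the NSS project. It assumes the NSS "signtool" binary is on PATH for the real signing step, and uses only the signtool flags shown above (-L, -d, -k, -p). The key3.db discovery and the parsing of the "*" marker run without signtool, and the listing used to demonstrate the parser is a constructed sample, not real signtool output.

```shell
#!/bin/sh
# Added example (not from the CAcert wiki): helpers for the signtool steps.

# Step 1: print every directory under $1 that holds a key3.db file.
find_key_dirs() {
    find "$1" -name key3.db 2>/dev/null | while IFS= read -r f; do
        dirname "$f"
    done
}

# Step 2/3: read "signtool -L -d <dir>" output on stdin and print the
# nickname of each certificate marked with "*" in the first column.
own_cert_nicknames() {
    sed -n 's/^\* *//p'
}

# Constructed sample of a listing (assumption: real signtool output may
# differ in its header lines; only the "*" convention comes from the page).
sample_listing() {
    cat <<'EOF'
Object signing certificates (constructed sample)
---------------------------------------
* Joe Normal's Root CA ID
  Some other cert without signing rights (constructed)
---------------------------------------
EOF
}

# Find the key3.db directory under $1 whose database holds nickname $2.
# Needs signtool; prints nothing if no database matches.
locate_signing_dir() {
    find_key_dirs "$1" | while IFS= read -r d; do
        if signtool -L -d "$d" 2>/dev/null | own_cert_nicknames | grep -qxF "$2"; then
            printf '%s\n' "$d"
            break
        fi
    done
}

# Step 4: sign the exploded XPI directory $4 with nickname $2 from key
# directory $1, using password $3. Note that -p exposes the password in
# the process list for the duration of the run.
sign_xpi_dir() {
    signtool -d "$1" -k "$2" -p "$3" "$4"
}

# Usage: sh sign_xpi.sh <home-dir> <cert-nickname> <exploded-xpi-dir>
# With no arguments only the helper functions are defined.
if [ "$#" -eq 3 ]; then
    dir=$(locate_signing_dir "$1" "$2")
    [ -n "$dir" ] || { echo "no key3.db under $1 holds '$2'" >&2; exit 1; }
    printf 'Password for %s: ' "$2" >&2
    stty -echo; read -r pw; stty echo; echo >&2
    sign_xpi_dir "$dir" "$2" "$pw" "$3"
fi
```

After signing, step 5 (zipping the directory back into an XPI) is unchanged; the script only automates locating the right key3.db and invoking signtool, so a wrong nickname fails at the lookup rather than producing an unsigned package.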