code signing certificates

I have a number of different projects, which are maturing to the level that I will be buying code signing certificates for them. My understanding of a code-signing certificate is that it is meant to establish a trust relationship between my userbase, and the developer (me). To that end, it would make sense to buy one code-signing certificate and sign all my projects with the same certificate. However, I also am aware that another function of the code-signing certificate is to encrypt parts of the deployment to ensure that the product is not tampered with prior to the userbase installing it. It's my understanding that the more often a certificate (or any encryption method) is used on different data (in this case my mult开发者_运维问答iple projects), the less secure it becomes (I'm generalizing here a little, I know).

So, my question is:

Should I get one code certificate per deployment, or only one and sign them all with it?

(I understand also that this may be a slightly subjective question, so if that's the case, perhaps we can simply offer pros and cons for the two options.)

Short answer: you can use the same certificate for all your projects.

Long answer:

• there is no encryption in code signing process. A digital signature provides integrity (the code has not been tampered) and authenticity (you are the author) but not confidentiality (everything remains in plain text)
• Public key crypto-systems security is based on the fact that it is very difficult (computationally speaking) to find the private key from the public key. This is achieved by complex mathematical problems like factorization of large numbers or discrete logarithm. But numerous signatures made by the same key should not weaken this key (for example there is certification authorities or time-stamping authorities performing thousands of signatures every day with the same key).

You have to weigh both sides:

With just one cert for all code/scripts, it's only one password to remember and easier to deal with; however, if it needs to be revoked (and for security reasons you do revocation checking) no code/script will run until a replacement is deployed everywhere! (One per deployment somewhat sandboxes each so that one being revoked does stop others from working.)