This section demonstrates how to sign code by creating digital signatures and associating them with files using Authenticode, which is provided with the ActiveX SDK. As we have seen, creating a fully verifiable certificate may assume the existence of a complex hierarchy of CAs. For testing purposes only, we provide a root certificate and a root private key. If you are an independent software vendor, you must obtain a certificate from GTE, VeriSign, Inc. or another CA before you begin signing code.