The present invention provides for token based signing of an unsigned binary which may be a stream of bits (e.g., 0's and 1's). The unsigned binary is signed using a secret key which resides in a token (e.g., a smart card), which makes the secret key available to the token holder. The unsigned binary is downloaded and verified for authenticity by the token coupled to a computing device. In one embodiment, the downloaded unsigned binary is encrypted. If the unsigned binary is authentic, it may be used to replace the prior firmware on that computing device.