Chapter 9. Code Signing and Microsoft’s Authenticode

Code signing is a technique for signing executable programs with digital signatures. Code signing is designed to improve the reliability of software that’s distributed over the Internet. It is meant to provide a system for trusting downloaded code and reducing the impact of malicious programs, including computer viruses and Trojan horses.

This chapter describes the mechanics of code signing. For a discussion of why it might not provide the safety that its backers assert, see Chapter 4.

Why Code Signing?

Walk into a computer store and buy a copy of Microsoft Windows 95, and you’re pretty sure that you know what you are buying and who produced it. The program, after all, comes shrink-wrapped in a box, with a difficult-to-forge security hologram. Inside the box is another hologram and a CD-ROM. You know that your CD-ROM or floppy disks have the same program as every other CD-ROM or floppy disk sold in every other Windows 95 box. Presumably, the software was checked at the factory, so you have every reason to believe that you’ve got a legitimate and unaltered copy.

The same can’t be said for most software that’s downloaded over the Internet. When Microsoft released its 1,264,640-byte Service Pack 1 for Windows 95, the only way to be sure that you had a legitimate and unaltered copy was to download it directly from Microsoft’s web site yourself—and then hope that the file wasn’t accidentally or intentionally corrupted either on Microsoft’s ...

Get Web Security and Commerce now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.