Discuss the processes of code signing and verification.
How could the processes be attacked?
Code signing is the process of using a certificate-based digital signature to sign executables and scripts, so that the author's identity can be verified and it can be confirmed that the code has not been changed or corrupted since the author signed it. This helps users and other software decide whether the software can be trusted.
Because of the damage an executable or script can do to a computer system, it is important that users be able to trust code published on the Internet. If we know that an application is signed by a known source such as Microsoft Inc. or Apple Inc. rather than by an unknown source, we are much more likely to install it.
Code signing increases that trust in two ways:
1. Authentication. Verifying who the author of the software is.
2. Integrity. Verifying that the software has not been tampered with since it was signed.
Say you create an application and sign it with your code signing certificate. Before running it, your users see that it is signed by you, so they know the application is authentic and has not been altered by an attacker.
Code signing also makes updates easy to trust: if you release an update signed with the same certificate and the same key as the original application, the update can be trusted automatically because it demonstrably comes from you.
A code signing certificate lets you sign code with a private/public key pair, similar to the keys used by SSL/TLS and SSH. The key pair is generated when the certificate is requested. The private key stays on the applicant's machine and is never sent to the certificate provider; only the public key is submitted with the certificate request, and the provider issues a certificate for it.
The certificate binds the applicant's identity to that public key. When you sign data, you attach your digital signature (computed with your private key) and your certificate to the data. A certificate contains information that identifies an entity and is issued by a certificate authority (CA) after that authority has verified the entity's identity. When the sender signs a message with its private key, the recipient uses the sender's public key from the certificate to verify the signature, and the certificate itself to establish who the sender is.
Code signing certificates should be signed by a trusted root certification authority using a secure public key infrastructure (PKI). Certification authorities are organizations, determined to be trustworthy, that issue certificates to entities whose identity has been verified. Certificates are verified using a chain of CAs: each certificate is linked to the certificate of the CA that signed it, and by following this chain to a trusted CA you can be assured that a certificate is valid. For example, if a user's system is set to trust a particular certificate authority and receives an executable signed by an entity that was validated by that authority, the user can choose to trust the executable by proxy.
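As an added example (not part of the original answer), the following Go program walks through the issuance, signing and verification steps described above using only the standard library. The CA root key is generated in-process, which is an assumption made only so the example runs offline; a real root key lives in an HSM at the CA. The names (Example Root CA, Example Software Inc) and the sample script are constructed. The CA binds the applicant's public key into a certificate marked for code signing, the developer signs the script's SHA-256 digest with the private key, and the user's side chains the certificate to a trusted root, requires the code-signing extended key usage, and checks the signature against the file's current hash, so a modified file, a certificate of the wrong kind, or a certificate from an untrusted CA are all rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Signer pairs a certificate with the private key it certifies. The key stays with
// the developer; only the certificate ships alongside the signed code.
type Signer struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// mustKey generates a P-256 key; it only fails if the OS random source is unavailable.
func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// NewCA makes a self-signed root. Generated in-process only so the example runs
// offline (assumption); a real root key lives in an HSM at the CA.
func NewCA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// Issue is the CA's step: the applicant's public key is bound into a leaf certificate signed
// with the CA key. codeSigning=false issues a plain TLS server certificate instead (wrong kind).
func Issue(caKey *ecdsa.PrivateKey, caCert *x509.Certificate, subject string, codeSigning bool) (*Signer, error) {
	key, eku := mustKey(), x509.ExtKeyUsageServerAuth
	if codeSigning {
		eku = x509.ExtKeyUsageCodeSigning
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: subject},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{eku},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{Key: key, Cert: cert}, nil
}

// Sign hashes the artifact and signs the digest with the developer's private key.
func (s *Signer) Sign(artifact []byte) ([]byte, error) {
	digest := sha256.Sum256(artifact)
	return ecdsa.SignASN1(rand.Reader, s.Key, digest[:])
}

// Verify is the user-side check: chain the certificate to a trusted root, require the
// code-signing usage, then confirm the signature matches the artifact's current hash.
func Verify(roots *x509.CertPool, cert *x509.Certificate, artifact, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("untrusted signer: %w", err)
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, artifact, sig); err != nil {
		return fmt.Errorf("artifact modified or signed with another key: %w", err)
	}
	return nil
}

func main() {
	caKey, caCert, _ := NewCA("Example Root CA")
	roots := x509.NewCertPool()
	roots.AddCert(caCert) // the user's trust store
	dev, _ := Issue(caKey, caCert, "Example Software Inc", true)
	artifact := []byte("#!/bin/sh\necho hello\n") // constructed sample script
	sig, _ := dev.Sign(artifact)
	fmt.Println("genuine: ", Verify(roots, dev.Cert, artifact, sig))
	tampered := append(append([]byte{}, artifact...), "echo pwned\n"...)
	fmt.Println("tampered:", Verify(roots, dev.Cert, tampered, sig))
}
```

Note that the verifier checks two separate things and both must pass: the chain check answers "who signed this, and is that identity vouched for by a CA I trust, for this purpose?", while the signature check answers "is this the exact file that was signed?". A TLS server certificate chained to the same trusted root still fails the first check because its extended key usage does not include code signing.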
Trust between the CA and the applicant (the developer) is a very important factor here.
This does not guarantee that the code itself can be trusted, only that it was signed by a specific legal entity. An attacker could still obtain a code signing certificate and sign a virus, but they would then be legally accountable for it. In addition to validating an entity's identity, commercial CAs require applicants to pledge not to distribute software that they know, or should have known, contains viruses or would otherwise harm a user's computer or code.
To improve on this, EV code signing certificates require developers to complete more rigorous validation than a standard code signing certificate, and this information is often displayed to the user. EV code signing certificates are usually issued on a hardware token, which provides two-factor authentication and makes the private key much harder to steal. They are best suited for signing device drivers and other high-trust software, since they provide reputation by default with Microsoft SmartScreen Filter.