code signing

A method of ensuring that an executable program has come from a valid software publisher and has not been altered by anyone in between. Also known as "object signing," an EXE, CAB, driver or other executable file is digitally signed and transmitted along with a digital certificate from a certification authority (CA) such as VeriSign (www.verisign.com) or Thawte (www.thawte.com).

Verifying the Signed Certificate
After the code-signed executable is downloaded from a Web site, its certificate is extracted by the user's browser. From an internal list of certificate authorities (CAs) and their public keys, the browser uses the appropriate public key to verify the signature in the certificate. Once verified, it means that the software publisher is who it claims to be, and the public key in the certificate belongs to that publisher.

Verifying the Signed Executable
Next, the publisher's public key is used to verify the signature created from the executable's binary content. The public key decrypts the signature back into the digest, which is compared to the newly computed digest at the client side. If they match, the executable is verified to have come from the publisher without being tampered with. For more on certificate verification, see digital certificate and digital signature.

Object and Code Signing
Although both terms are used interchangeably, object signing refers to any files delivered in this manner, while code signing refers specifically to executables, which is the major concern these days when downloading so many active elements from the Internet. Authenticode is Microsoft's code signing system, and Object Signing is Netscape's system.

The Code Signing Process

The combination of the signed digital certificate and the signed executable file ensures that the executable has come from a valid publisher and has not been tampered with.