Code signing is a technique for signing executable programs with digital signatures. Code signing is designed to improve the reliability of software that’s distributed over the Internet. It is meant to provide a system for trusting downloaded code and reducing the impact of malicious programs, including computer viruses and Trojan horses.
This chapter describes the mechanics of code signing. For a discussion of why it might not provide the safety that its backers assert, see Chapter 4.
Walk into a computer store and buy a copy of Microsoft Windows 95, and you’re pretty sure that you know what you are buying and who produced it. The program, after all, comes shrink-wrapped in a box, with a difficult-to-forge security hologram. Inside the box is another hologram and a CD-ROM. You know that your CD-ROM or floppy disks have the same program as every other CD-ROM or floppy disk sold in every other Windows 95 box. Presumably, the software was checked at the factory, so you have every reason to believe that you’ve got a legitimate and unaltered copy.
The same can’t be said for most software that’s downloaded over the Internet. When Microsoft released its 1,264,640-byte Service Pack 1 for Windows 95, the only way to be sure that you had a legitimate and unaltered copy was to download it directly from Microsoft’s web site yourself—and then hope that the file wasn’t accidentally or intentionally corrupted either on Microsoft’s ...