A technique for authenticating the origin of executables, and making sure the executables have not been tampered with.

It works this way: Developer cryptographically signs the executable with his/her key, and when user runs the executable, the operating system verifies the signature before it is allowed to run.

Some platforms can optionally use this approach (for example, Java), on others, it's more or less mandatory (for example, on ActiveX and Windows XP).

Code signing doesn't make programs any more secure; signing can only verify that the program was actually sent by the developer. Of course, the developer can still make program work "nastily" - the only thing that probably comforts the user is that s/he knows who wrote the offending program.

Some also speculate that code signing could be used as a political tool by people who run the signing authority or by people who run the OS company; If Microsoft suddently decides to revoke a key of some Whistler client-side application developer, they're out of luck, and so are their binaries. And what would be a more effective FUD weapon in Whistler than to say "this binary is unsigned, so you really shouldn't trust on it"?

Log in or registerto write something here or to contact authors.