Code Signing SSL Certificates

Code signing is the process of digitally signing software to confirm the software author and to guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash.

Code signing can provide several valuable features. The most common use of code signing is to prove authenticity when deploying software. Almost every code signing implementation will provide some sort of digital signature mechanism to verify the identity of the author or build system, and a checksum to verify that the object has not been modified. It can also be used to provide versioning information about an object or to store other meta data about an object.

Code signing is particularly valuable in distributed environments, where the source of a given piece of code may not be immediately evident – e.g., Java applets, ActiveX controls and other active web and browser scripting code. Another important usage is to safely provide updates and patches to existing software. Windows, Mac OS X, and most Linux distributions provide updates using code signing to ensure that it is not possible for others to maliciously distribute code via the patch system. It allows the receiving operating system to verify that the update is legitimate, even if the update was delivered by third parties or physical media (disks).

The certificate used to sign the code signature should be traceable back to a trusted root authority CA, preferably using a secure public key infrastructure (PKI). This does not ensure that the code itself can be trusted, only that it comes from the stated source. A CA provides a root trust level and is able to assign trust to others by proxy. If a user trusts a CA, then the user can presumably trust the legitimacy of code that is signed with a certificate generated by that CA or one of its proxies. Many operating systems and frameworks contain built-in trust for one or more existing CA’s.