Let’s start with a basic definition. Code signing is a method of proving the origin and integrity of a file. The process involves digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.
Code singing protects companies – along with their partners and users – from the potential risks associated with software tampering. As part of the code-authentication process, it’s crucial for establishing trust and identity.
Secure code signing is essential to ensure the authenticity and integrity of executable program files. The developer first creates a hash of the program file to be signed. A hash is a mathematical function that takes the file as input and outputs a value of a fixed size (the current best practice hash algorithm is SHA-2). With a good hash algorithm, there is no way to determine anything about the input data from the hash, and the odds of making a different file that generates the same hash are extremely low.
The developer then uses the hash and their private key to generate a digital signature using one of many algorithms. As a result, any other party can use the file, the signature, and the signer’s public key to verify that the signature was created by the party who owns the certificate.
Take, for example, an outsider who is attempting to access a program file that is supposed to be a Microsoft program. Windows can use the code signature to prove that the program did indeed come from Microsoft. The goal of code signing is to allow a user (or more likely the user’s operating system) to confirm that its claimed publisher issued a program file. It does this with digital signatures, digital certificates, hashes and Asymmetric or Public Key Cryptography.
As the last step in the development process, code signing creates the actual files that will be delivered to the user. Of course, as with any step of the development process, code signing doesn’t come without its challenges.
For code signing to be an effective measure for identifying trustworthy software, the code signing process itself must be secure. In order to prevent attackers from using forged code signatures to hide infected code, organizations must take steps to protect the process for creating these digital signatures. As I mentioned before, code signing enables an organization to verify the identity of the software publisher and prove that the software has not been tampered with since it was published.
Another challenge is securing mobile devices and the “app-store economy.” The growing popularity of intelligent connected devices are resulting in an increasing number of unsecured devices in untrusted locations. For example, Apple has strict requirements for submissions of apps to be sold in the Apple App Store for iOS devices. They don’t trust developers to sign the app, so the app goes into the store only when Apple approves and signs it. By implementing code signing policies, companies such as Apple can protect software from being corrupted and bring appropriate governance to software-publishing practices.
Code signing is used as a best practice among many organizations because there are some significant benefits to implementing the technology. Major industry players such as Microsoft, Apple and Google have been pushing other companies to adopt stronger code signing methods.
As with many security solutions, it’s essential to deploy high-assurance solutions that position organizations to meet requirements for regulatory compliance and emerging standards of due care. Organizations can maximize code-signing security with a tamper-resistant, hardware-based solution. Hardware security modules (HSMs) are sealed hardware devices that perform cryptograph operations, such as generating keys and signing files, with proper authorization, within a security model defined and audited by government agencies. Thales offers a wide range of FIPS-certified HSMs to protect code-signing keys, from the single workstation, USB-connected nShield Edge up to the high-performance, network-attached nShield Connect.
Additionally, Thales’ Code Signing Solution is designed for software vendors of all sizes and for enterprises that develop their own code. Our comprehensive solution enables organizations to implement high-assurance, high-efficiency code-signing processes to protect software from tampering and bring appropriate governance to software publishing practices.
Stay tuned for a second blog on what happens when code signing isn’t in place, and how your business can avoid falling into this trap. In the meantime, check out Thales’ whitepaper on code signing here.
Interested in learning more? Find me on Twitter @vikramesh.