Code Signing Certificate
WHAT
Is Code Signing ?
A Code Signing Certificate is a digital certificate that contains information that fully identifies an entity and is issued by a Certificate Authority. The Digital Certificate binds the identity of an individual or entity to a public key that is mathematically related to a private key pair. The use of private and public key systems is called Public Key Infrastructure (PKI). The developer signs code with its private key and the end user uses the developer’s public key to verify the developer’s identity.
WHO
Need A Code Signing ?
Code Signing Certificates is basically used by Developers and software publishers to digitally sign apps, drivers, and software programs to protect their intellectual property in a proper form. The code signing certificate is used to verify that the code is original and have not been altered or tampered by any third parties.
A Code Signing Certificate is a digital certificate that contains information that fully identifies an entity and is issued by a Certificate Authority. The Digital Certificate binds the identity of an individual or entity to a public key that is mathematically related to a private key pair.
A code signing certificate allows you to sign code using a private and public key system. A public/private key pair is generated when the certificate is requested. The private key stays on the applicant’s machine, where the public key is submitted to the provider with the certificate request to issue a certificate.
HOW
Does Code Signing Work ?
SIGNING
Code Signing process:
- Software Vendor obtains a Code Signing Digital ID from License Certificate Authority
- Software Vendor creates code.
- Using the SIGNCODE.EXE utility.
- Creates a hash of the code, using an algorithm such as MD5 or SHA.
- Encrypts the hash using his/her private key.
- Creates a package containing the code, the encrypted hash, and the software vendor’s.
VERIFICATION
Code Verification process:
- The end user encounters the package.
- The end user's Microsoft browser examines the software vendor's Digital ID. Using the root Public Key, which is already embedded in Authenticode-enabled applications, the end user browser verifies the authenticity of the Code Signing Digital ID (which is itself signed by the root Private Key).
- Using the software vendor's public key contained within the software vendor’s Digital ID, the end user browser decrypts the signed hash.
- The end user browser runs the code through the same hashing algorithm as the publisher, creating a new hash.
- The end user browser compares the two hashes. If they are identical, the browser messages that the content has been verified by the license certificate authority, and the end user has confidence that the code was signed by the software vendor that identified in the Digital ID, and that the code hasn't been altered since it was signed. If the two hashes match, the user knows that the application has not been modified since it was signed.
Coporate Office
Telephone : 03-4040 0091
Faks : 03-4040 0095
Operation Office
Telephone : 03-2787 2010
Faks : 03-2787 2070
Website : www.cyphersign.my
Email : [email protected]
RAFFCOMM TECHNOLOGIES SDN BHD provides www.rafftech.my website as a service to the public and website owners. Raffcomm Technologies Sdn Bhd has obtained its CA Operational License (license no. LPBP-4/2021 (1)). The content of this website is purely for information only. We do not make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information on this website is strictly at your own risk, and we will not be liable for any losses and damages in connection with the use of our website.
2022 Raffcomm Technologies Sdn. Bhd. All Rights Reserved.
