PRODUCTS

Code Signing Certificate

WHAT

Is Code Signing ?

A Code Signing Certificate is a digital certificate that contains information that fully identifies an entity and is issued by a Certificate Authority. The Digital Certificate binds the identity of an individual or entity to a public key that is mathematically related to a private key pair. The use of private and public key systems is called Public Key Infrastructure (PKI). The developer signs code with its private key and the end user uses the developer’s public key to verify the developer’s identity.

WHO

Need A Code Signing ?

Code Signing Certificates is basically used by Developers and software publishers to digitally sign apps, drivers, and software programs to protect their intellectual property in a proper form. The code signing certificate is used to verify that the code is original and have not been altered or tampered by any third parties.

A Code Signing Certificate is a digital certificate that contains information that fully identifies an entity and is issued by a Certificate Authority. The Digital Certificate binds the identity of an individual or entity to a public key that is mathematically related to a private key pair.

A code signing certificate allows you to sign code using a private and public key system. A public/private key pair is generated when the certificate is requested. The private key stays on the applicant’s machine, where the public key is submitted to the provider with the certificate request to issue a certificate.

HOW

Does Code Signing Work ?

SIGNING

Code Signing process:

  • Software Vendor obtains a Code Signing Digital ID from License Certificate Authority
  • Software Vendor creates code.
  • Using the SIGNCODE.EXE utility.
  • Creates a hash of the code, using an algorithm such as MD5 or SHA.
  • Encrypts the hash using his/her private key.
  • Creates a package containing the code, the encrypted hash, and the software vendor’s.

VERIFICATION

Code Verification process:

  • The end user encounters the package.
  • The end user's Microsoft browser examines the software vendor's Digital ID. Using the root Public Key, which is already embedded in Authenticode-enabled applications, the end user browser verifies the authenticity of the Code Signing Digital ID (which is itself signed by the root Private Key).
  • Using the software vendor's public key contained within the software vendor’s Digital ID, the end user browser decrypts the signed hash.
  • The end user browser runs the code through the same hashing algorithm as the publisher, creating a new hash.
  • The end user browser compares the two hashes. If they are identical, the browser messages that the content has been verified by the license certificate authority, and the end user has confidence that the code was signed by the software vendor that identified in the Digital ID, and that the code hasn't been altered since it was signed. If the two hashes match, the user knows that the application has not been modified since it was signed.

SUPPORT PLATFORM

MS Authenticode

Adobe AIR

Apple

Mozilla & Netscape Objects

Macros & VBA

Java

For More Information, Please Contact Us

Raffcomm Technologies Sdn Bhd. (1000449-W)
Unit B-G-03, CoPlace 1,
2270, Jalan Usahawan 2,
Cyber 6, 63000 Cyberjaya,
Selangor, Malaysia

Phone
+603 86861230

Fax
+603 86861231

General Information

info@cyphersign.my

TOP