IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [code-signing]

Code Signing is the process of putting a signature on executables and patches to prove it is genuine, and to prevent attackers from injecting malicious code into end-user's systems.

Code signing comes up frequently in the following areas:

  • OS updates (especially Over-The-Air updates for mobile devices)
  • Firmware updates / secure boot
  • Installing apps from a public app store / downloaded from the internet

but can also come up in other contexts.

176 questions
4
votes
1 answer

Strategies for signing sections of a text file to prevent tampering

I'm looking for suggestions from the community on the best way to approach this problem of securing a text file while still making it fairly shareable: I have a collection of chef recipes in git, defining labs e.g. a jenkins CI setup, which people…
velniukas
  • 43
  • 4
1
vote
0 answers

Standard for verifying certificates that signed code

When one verifies a certificate that came alongside a signature for some sort of code, is there a standard that specifies what shall be verified? For example, if I'm to verify a certificate that came alongside a SSL response from a server, I can…
Pawel Veselov
  • 561
  • 5
  • 11
1
vote
0 answers

Can an EXE code signing renew even though it's expired?

I've just downloaded composer from getcomposer.org, but a strange thing had happened. When I clicked "install for all users" button, the UCA says "Unknown publisher", but when I was checking its properties, it displays "Open Source Developer, John…
user226062
1
vote
1 answer

Verifying resident program "integrity" before every run

I am aware that operating systems verify authenticity & integrity of a program file while installing a program to a system. My question is, do popular OS's provide a way to verify (and warn the user if modified/tampered with by malware on the…
user3272983
  • 11
  • 2
0
votes
1 answer

How to Store Signed Source Code + Encrypted HASH +Code Signing Cert

I have been tasked with designing a solution for signing source code. I have not found much on whether or not there is a standard for storing the signed code and it's hash and code signing cert. As I understand it, signing source code involves…
MegaHurts2010
  • 1
0
votes
2 answers

Signing the same solution (list of files) by multiple CA

We (platform owner) have a requirement to sign a 3rd party (partner) software solution which will be hosted on our platform. The 3rd party solution is signed by the partner with some well known CA. The platform owner would like to sign it again with…
Vamsi
  • 1
  • 1
0
votes
2 answers

Will digital signature prevent tempering, or at least harden the cracking, of my Windows applications?

I intend to buy my first digital signature intended for signing EXE files. In particular Certum Standard Code Signing caught my eye. It is SHA-2 based with up to 4096 RSA. Is it worth my money if I need to prevent cracking of the application. Well I…
Vlastimil Burián
  • 1,707
  • 2
  • 22
  • 41
0
votes
1 answer

Potential consequences of signing software that's not mine

I want to teach my son to not click unsigned software. Unfortunately there some software that's highly useful (e.g. Search Everything, but it could be any other software) that's not digitally signed. Since I own a code signing certificate, I could…
Thomas Weller
  • 3,392
  • 3
  • 24
  • 40