Code Signing

If I had to summarize why a digital signature is required on a piece of code that is to be installed or executed, I would simply answer that it provides assurance of authenticity and origin…

“Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to validate authenticity and integrity.” (in Wikipedia, https://en.wikipedia.org/wiki/Code_signing)

As stated above, code signing provides authentication and integrity. Integrity is mainly provided by the hash function, which shows that the code has not been modified since the author signed it; authentication comes from binding the signer to the code through the information stored in the certificate used for the digital signature. In practice, code signing binds the owner of the code signing certificate to the application (or script) – the owner can be an individual or an organization.

Code signing uses IS (Information System) tools and infrastructure (digital certificates, tokens, smart-cards, middleware, platforms, applications, etc.), but it is in fact not an IS process but a business one. The main reason is that code signing is about accountability and responsibility, which in practice may bring penalties, through software license agreements or even court disputes.

It is very important to highlight that just because code is signed, it does not mean that it is safe, free of bugs, free of vulnerabilities, or that it will not damage a system.

Code (applications and scripts) should not be trusted just because it is signed, but mainly because of the digital reputation of the signer. 
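The three checks described above (integrity through the hash, authentication through the certificate, and a separate decision about whether the signer is trusted), as an added example that is not part of the original article. The publisher name, the allowlist file and the self-signed certificate (standing in for a CA-issued code signing certificate, with chain validation left out) are assumptions of this example.

```shell
#!/bin/sh
# Added example. The publisher name, key and script are constructed for the demo.
WORK=$(mktemp -d)

# Publisher: key pair plus a self-signed certificate (stand-in for a CA-issued one).
make_publisher() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example Org/CN=Example Publisher" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Publisher: sign the SHA-256 digest of the file with the private key.
sign_code() {  # $1 = file to sign; writes $1.sig
  openssl dgst -sha256 -sign "$WORK/key.pem" -out "$1.sig" "$1"
}

# Consumer, integrity: does the signature still match the file's digest?
verify_code() {  # $1 = file
  openssl x509 -in "$WORK/cert.pem" -pubkey -noout > "$WORK/pub.pem"
  openssl dgst -sha256 -verify "$WORK/pub.pem" \
    -signature "$1.sig" "$1" >/dev/null 2>&1
}

# Consumer, authentication: which identity does the certificate bind to the key?
signer_of() {
  openssl x509 -in "$WORK/cert.pem" -noout -subject -nameopt RFC2253
}

# Consumer, trust: a valid signature is not enough; the signer must be one we accept.
# The allowlist file (one common name per line) is an assumption of this example.
is_trusted_publisher() {  # $1 = allowlist file
  cn=$(signer_of | sed -n 's/.*CN=\([^,]*\).*/\1/p')
  grep -Fxq "$cn" "$1"
}

make_publisher
printf 'echo "installing"\n' > "$WORK/install.sh"
sign_code "$WORK/install.sh"
verify_code "$WORK/install.sh" && echo "valid signature, $(signer_of)"

printf 'Some Other Vendor\n' > "$WORK/allow.txt"
is_trusted_publisher "$WORK/allow.txt" || echo "valid, but signer is not trusted here"

printf 'echo "added later"\n' >> "$WORK/install.sh"
verify_code "$WORK/install.sh" || echo "file changed after signing: rejected"
```
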

Like all other Public Key Infrastructure (PKI) deliverables, the integrity of the solution relies on the key owners' (signers / “publishers”) processes and procedures, including the access controls securing their private keys against unauthorized access.

If a key is compromised, the certificate loses its trust and value, jeopardizing the software that you have already signed. In some cases, it can jeopardize the whole organization.


More articles by Ivo Vitorino
