When downloading software on the Internet, customers must always be wary of 3rd parties masquerading as the software provider. With a tool like code signing, the software can be assured it comes from a natural source. Code signing is an operation where a software developer digitally signs the file sent out to assure users that they are receiving software that does what the creator promises. The signature proves the code has not been tampered with or modified from its root form.
Why is code signing important?
With the ability to download so much software from the Internet, code signing has become increasingly important for software developers. Attackers can easily conceal themselves as a legitimate source to plant malware on a victim’s computer. Code signing prevents these attacks as long as users only download software deemed safe by their operating system. Nowadays, when software is downloaded on a computer, the Operating System checks for the digital certificate created by code signing to ensure the safety of the software attempting to be installed. If no digital certificate is found, the user is informed of this fact and prompted to stop or continue the installation.
Benefits of code signing
It provides many advantages, including the ones mentioned below.
- With code signing, users can trust the software they are downloading and don’t need to worry about downloading malware onto their computer or mobile device. This authentication acts as a two-way deal, with code signing promoting trust on both sides of the exchange. Not only can the user trust the sender, but the developer can also trust their software went to the correct location and is not being misused.
- Since many of the most trusted mobile and web application stores, like the IOS AppStore or Google’s Play Store, require code signing, developers can distribute their software through even more platforms.
Disadvantages of code signing
There are many disadvantages to code signing, as well, including:
- Improper management of the private key created at the beginning of the code signing process can cause the insecurity of the software being sent. If a genuine private key is stolen, the attacker can encode their malicious software with the private key, telling the user that the software is safe to use.
- Threat actors can obtain a trusted certificate, but what stops most attackers is the need to provide identification information to obtain a certificate. The developer can be held accountable if malicious software is distributed with a legitimate certificate.
- If the user overrides the installation of the software, even if the Operating System says it is not code-signed, then code-signing is a complete waste in that situation.
- To prevent these disadvantages, some practices should be followed.
- Hardware Security Modules, or HSMs, should be used to protect encryption keys. An HSM is a specialized, highly trusted hardware device. It is a network computer that performs all the major cryptographic operations, including encryption, decryption, authentication, key management, key exchange, etc. They are tamper-resistant and use highly secure cryptographic operations.
Besides HSMs, the principle of least privilege should be used with keys to ensure only users who need the key have access. Finally, caution should always be exercised with code signing.