Providing Security
Many code signing implementations will provide a way to sign the code using a system involving a pair of keys, one public and one private, similar to the process employed by SSL or SSH. For example, in the case of .NET, the developer uses a private key to sign their libraries or executables each time they build. This key will be unique to a developer or group or sometimes per application or object. The developer can either generate this key on their own or obtain one from a trusted certificate authority (CA).
Code signing is particularly valuable in distributed environments, where the source of a given piece of code may not be immediately evident - for example Java applets, ActiveX controls and other active web and browser scripting code. Another important usage is to safely provide updates and patches to existing software. Windows, Mac OS X, and most Linux distributions provide updates using code signing to ensure that it is not possible for others to maliciously distribute code via the patch system. It allows the receiving operating system to verify that the update is legitimate, even if the update was delivered by third parties or physical media (disks).
Read more about this topic: Code Signing
Famous quotes containing the words providing and/or security:
“Life is constantly providing us with new funds, new resources, even when we are reduced to immobility. In life’s ledger there is no such thing as frozen assets.”
—Henry Miller (1891–1980)
“To have in general but little feeling, seems to be the only security against feeling too much on any particular occasion.”
—George Eliot [Mary Ann (or Marian)