Providing Security
Many code signing implementations will provide a way to sign the code using a system involving a pair of keys, one public and one private, similar to the process employed by SSL or SSH. For example, in the case of .NET, the developer uses a private key to sign their libraries or executables each time they build. This key will be unique to a developer or group or sometimes per application or object. The developer can either generate this key on their own or obtain one from a trusted certificate authority (CA).
Code signing is particularly valuable in distributed environments, where the source of a given piece of code may not be immediately evident - for example Java applets, ActiveX controls and other active web and browser scripting code. Another important usage is to safely provide updates and patches to existing software. Windows, Mac OS X, and most Linux distributions provide updates using code signing to ensure that it is not possible for others to maliciously distribute code via the patch system. It allows the receiving operating system to verify that the update is legitimate, even if the update was delivered by third parties or physical media (disks).
Read more about this topic: Code Signing
Famous quotes containing the words providing and/or security:
“Ghosts, we hope, may be always with us—that is, never too far out of the reach of fancy. On the whole, it would seem they adapt themselves well, perhaps better than we do, to changing world conditions—they enlarge their domain, shift their hold on our nerves, and, dispossessed of one habitat, set up house in another. The universal battiness of our century looks like providing them with a propitious climate ...”
—Elizabeth Bowen (1899–1973)
“If we could have any security against moods! If the profoundest prophet could be holden to his words, and the hearer who is ready to sell all and join the crusade, could have any certificate that to-morrow his prophet shall not unsay his testimony!”
—Ralph Waldo Emerson (1803–1882)