Code signing concept & implementation using installware software

-
Code Sign In

What is Code Signing?
Code signing is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted since it was signed by the author. This helps users and other software to determine whether the software can be trusted.

Purpose of Code Signing
Because of the potential damage that an executable or script can cause to a computer system, it is important that users be able to trust code published on the Internet. Here are two important ways that Code Signing increases trust:
·       Authentication. Verifying who the author of the software is.
·       Integrity. Verifying that the software hasn’t been tampered with since it was signed.
·        
What is a Code Signing Certificate?
A code signing certificate allows you to sign code using a private and public key system similar to the method used by SSL and SSH. A public/private key pair is generated when the certificate is requested. The private key stays on the applicant’s machine and is never sent to the certificate provider. The public key is submitted to the provider with the certificate request and the provider issues a certificate.
The code signing certificate acts as a digital signature. 

How does Code Signing Work?
In order to sign a piece of code, an author goes through the following process:
·       Applies for a code signing certificate from a code signing certificate authority
·       Has his identity verified and receives a code signing certificate
·       Generates a one-way hash of the software and uses the private key to encrypt this hash
·       Bundling the hash and certificate with the executable
·       When a user receives the application, he verifies it by:
o   Decrypting the hash using the public key in the certificate
o   Creating a new hash of the downloaded application
o   Comparing the new hash with the hash that was signed by the certificate



 If the two hashes match, the user knows that the application has not been modified since it was signed. Most of these steps are handled by the operating system automatically.


For example, when you run a signed application on Windows, you will see the following dialog:
If you right-click the executable and view the properties of it, the Digital Signatures tab will let you view the details of the certificate:

 Implementation:
Code sign in can be implemented to an executable file using Installware.


 To start Code Signing, on the Design tab, in the Tools group, click Code Sign. Use the code sign tool to manually sign code your executable and libraries using Authenticode technology.

  1. Check to make sure you have already built your setup, and have obtained the necessary code signing certificates from code signing authorities. An Internet connection is required if you wish to time-stamp your signature.
  2. Fill in the necessary fields for your product, and choose your setup and certificate files.
  3. Click Sign to code sign your setup.
  4. Click Test to verify your code signed setup has been signed and is working properly. A testing dialog appears with your authenticity certificate.
  5. Create the .msi again using the new signed executable file.

Comments

Post a Comment

Popular posts from this blog

Interaction with UI from windows service

-
I nteract ion with UI from windows service Introduction Windows service has no UI and it has never been easy to prompt users with some notifications from windows service. To interact with UI from windows service, we used to opt, allow service to interact with desktop and by launching another process from the windows service. But it is not expected to work with windows vista and upwards. So now the question is how to implement this in newer versions of windows i.e. windows 8, windows 10 etc. Here is the answer: Display a dialog box in the user's session using the  WTSSendMessage function. It can be used to display messages from windows service on all supported windows operating systems. WTSSendMessage Displays a message box on the client desktop of a specified Remote Desktop Services session. Syntax BOOL WTSSendMessageA(   IN HANDLE hServer,   IN DWORD   SessionId,   LPSTR      pTitle,   IN DWORD   TitleLength,   LPSTR      pMessage,   IN DWO
Read more

.Net Basic terminology

-
Image
.Net Basic terminology 1  What is the CLR? CLR: Common Language Run-time. The  Common Language Run-time ,  the virtual machine component of Microsoft's .NET framework, manages the execution of .NET programs. A process known as just-in-time compilation converts compiled code into machine instructions which the computer's CPU then executes.[1] The CLR provides additional services including  Object-oriented programming model (inheritance, polymorphism, exception handling, garbage collection) Security model Type system All .NET base classes Many .NET framework classes Development, debugging, and profiling tools Execution and code management IL-to-native translators and optimizers  All versions of the .NET framework include CLR. 2 What is the CTS? CTS: Common Type System.  This is the range of types that .NET run-time understands, and .NET applications can use. However not all .NET languages will support all the types in
Read more

Basics of .Net

-
Image
Basics of .Net  What is .NET? .NET is a environment for software development. It is similar to other software development framework LIKE J2EE etc in that it provides a set of run time containers/capabilities, and a rich set of pre-built functionality in the form of class libraries and APIs. The .NET Framework is used for building, deploying, and running Web Services and other applications. The IDE provided by Microsoft is Visual Studio.  It consists of three main parts:  the Common Language Runtime,  the Framework classes, and  ASP.NET. How is .NET able to support multiple languages?    In .NET, code is compiled to Microsoft Intermediate Language (MSIL). This is called as Managed Code. This Managed code is run in .NET environment. So after compilation to this IL the language is not a barrier. A code can call or use a function written in another language.  What are the major components of .Net? The major components of .Net framework are CLR (Common languag
Read more