In the recent past, many technology firms were being targeted by hackers to tamper and corrupt the source code. These attacks heavily impact brand reputation and also leads to huge losses for firms victimized. To tackle this scenario, Code Signing techniques can be used for safeguarding the code integrity and to provide authenticity of the author to the end-user by providing digital signatures. Code Signing provides secure and trusted distribution of software preventing tampering, corruption and forgery. Code signing improves end-user confidence in software/code integrity and sender authenticity.
Code Signing Architecture provides a detailed explanation on how the Code Signing process works along with its components. Below mentioned are the four important differentiating components in the Code Signing Architecture.
These four components together will achieve the full cycle completion of code signing process. Each component has a defined working process which is discussed in detail below.
Code Signing System (CSS):
The Code Signing System (CSS) is the first and important component of Code Signing Architecture. Code signing system signs the submitted code using digital signature and authenticates the author. The digital signature is generated by CSS using a private signing key and certificates. It is highly important to secure the private signing key and certificate from misuse and unauthorized access.
Certificate Authority (CA):
Developers or Source issuing code should use certificates from authentic certificate authorities (CA) as the certificate enables the process of authenticating the source. Certificates issued by authentic certificate authorities must comply with standard certificate policies such as NIST Interagency Report 7924 which specifies requirements to be followed by CAs while issuing certificates.
Also, the developer requesting the certificate from authentic CAs has to provide supporting validation documents which would be verified before providing certificates. CA would follow guidelines mandated by standard agencies such as CA security council, CA/Browser Forum etc.
An optional but important component in Code Signing Architecture is Time Stamp Authority (TSA). Time stamping preserves the source time when the code was signed and allows software to be accepted by the OS and other client device platforms even after the certificate expires. Signed software is validated with the source time when the certificate was signed rather than the current time. Hence, it is always advisable to use timestamping techniques while performing code signing.
Digital signature signed code is sent to TSA for time stamping. TSA applies its own signature along with the valid source timestamp. TSA is independent from the Code Signing System and synchronizes its clock with an authoritative time source.
End-users using the code digitally signed by the publisher first initiates the process of verifying the signature. In general, verifiers are used to perform this step of validating the signatures and time stamp (if any). Verifiers leverage trust anchors to validate the signature on the signed code. Trust anchors are usually public keys of root certificate authorities (CA) installed securely on the verifying platform. In general, root CAs use standard architecture such as X.509 standard.
If your organization is looking Code Signing implementation services, please consult info@encryptionconsulting.com for further information