Difference between revisions of "Code signing"

From Lazarus wiki
m (Code Signing for OS X -> Code Signing for Mac OS X)
Line 2: Line 2:
  
 
One measure to reduce the effects of malicious code is that some modern operating systems require executables and scripts that have been downloaded from the internet to be signed with a developer's certificate. Code signing confirms the identity of the software author and guarantees that the code has not been altered or corrupted since it was signed by use of a cryptographic hash. Therefore, it ensures both authenticity and integrity of the executables.
 
One measure to reduce the effects of malicious code is that some modern operating systems require executables and scripts that have been downloaded from the internet to be signed with a developer's certificate. Code signing confirms the identity of the software author and guarantees that the code has not been altered or corrupted since it was signed by use of a cryptographic hash. Therefore, it ensures both authenticity and integrity of the executables.
 +
 +
 +
[[File:codesigning.png|center|600px|Overview of code-signing a program written with Lazarus and Free Pascal]]
 +
  
 
Code signing is required in [[Portal:iOS|iOS]] and modern versions of [[Portal:Mac|Mac OS X]]. Microsoft implements for [[Portal:Windows|Windows]] a form of code signing based on Authenticode to include information about developers and their code with their programs through the use of digital signatures.
 
Code signing is required in [[Portal:iOS|iOS]] and modern versions of [[Portal:Mac|Mac OS X]]. Microsoft implements for [[Portal:Windows|Windows]] a form of code signing based on Authenticode to include information about developers and their code with their programs through the use of digital signatures.

Revision as of 22:45, 24 November 2013

Every piece of code may contain viruses, spyware, trojan horses, backdoors, rootkits, keyloggers and other kinds of malware. The risk has dramatically increased with the advent of wide-area networks like the internet, where it is easy to download programs of unknown or unverified origin.

One measure to reduce the effects of malicious code is that some modern operating systems require executables and scripts that have been downloaded from the internet to be signed with a developer's certificate. Code signing confirms the identity of the software author and guarantees that the code has not been altered or corrupted since it was signed by use of a cryptographic hash. Therefore, it ensures both authenticity and integrity of the executables.


Overview of code-signing a program written with Lazarus and Free Pascal


Code signing is required in iOS and modern versions of Mac OS X. Microsoft implements for Windows a form of code signing based on Authenticode to include information about developers and their code with their programs through the use of digital signatures.

See also