This article was accepted into the corpus but its outbound wikilinks were never NER-processed — typical at the deepest BFS hop or when the run's entity cap was reached. No expansion funnel to show.
| Code Signing | |
|---|---|
| Name | Code Signing |
| Caption | Digital signature on executable |
| Developer | Various |
| Released | 1990s |
| Latest release | Ongoing |
| Platform | Microsoft Windows, Apple, Linux, Android, iOS |
Code Signing Code Signing is a digital authentication process used to verify the origin and integrity of executable software and scripts. It combines public-key cryptography, trusted third-party validation, and platform-specific verification to assure end users and automated systems that code originates from a known publisher and has not been altered. Widely adopted across Microsoft Windows, Apple ecosystems, and open-source distributions such as Debian, the practice influences software distribution, update systems, and platform security policies managed by organizations like OpenSSL and Internet Engineering Task Force.
Code signing emerged alongside the rise of commercial operating systems and networked computing, influenced by standards and projects including RSA, Digital Signature Algorithm, and initiatives by National Institute of Standards and Technology and Internet Engineering Task Force. Early adoption on Microsoft Windows with Authenticode and on Apple platforms with code signing frameworks set precedents shaped by vendors such as Oracle (for Java), Adobe Systems (for Acrobat and Flash), and package managers used by Red Hat and Canonical. Ecosystems for mobile distribution, notably Google Play and Apple App Store, integrated signing requirements alongside vendor policies from Federal Trade Commission investigations and industry guidelines influenced by organizations like OpenSSL and the Certificate Authority/Browser Forum.
The primary goals include publisher authentication, integrity verification, and enabling secure updates for systems managed by entities such as Microsoft, Apple, and Google. Signed artifacts interact with platform features like Windows Update, macOS Gatekeeper, and Android Verified Boot to control installation, execution permissions, and sandboxing in environments including Amazon Web Services, Google Cloud Platform, and enterprise systems managed by VMware. Signed packages integrate with package ecosystems like npm, PyPI, Maven, and Homebrew to provide provenance assurances relied upon by distributors such as GitHub, GitLab, and SourceForge.
Code signing employs asymmetric cryptography techniques originating with Diffie–Hellman key exchange, RSA, and ECC standards ratified by National Institute of Standards and Technology. Hash functions such as SHA-256 and SHA-3 provide digest integrity checks, while signing formats are defined by standards like PKCS#7, X.509, and Cryptographic Message Syntax used by implementations including OpenSSL, LibreSSL, and BoringSSL. Timestamping services anchored in Network Time Protocol-synchronized servers and policies enforced by Certificate Authority/Browser Forum and IETF help validate signatures beyond certificate expiration, interoperating with software build tools from Apache Software Foundation projects like Maven and Ant.
Platform vendors provide signing toolchains: Microsoft supplies SignTool and Authenticode support; Apple offers codesign and notarization for macOS and iOS developers integrated with Xcode and App Store Connect; Google requires APK and AAB signing for Google Play with tools like apksigner and Android Studio. Open-source ecosystems rely on GnuPG from the GNU Project and Apache build systems, while Linux distributors such as Debian, Fedora, and Arch Linux use package signing in formats like RPM and DEB. Hardware Security Modules from vendors such as Thales Group, Entrust, and Yubico store private keys and interface with PKCS#11 and FIDO Alliance mechanisms for secure signing in enterprise CI/CD pipelines orchestrated by Jenkins, Travis CI, and CircleCI.
Trust relies on hierarchical and web-of-trust models operated by Certificate Authorities such as DigiCert, Sectigo, GlobalSign, Let’s Encrypt, and GoDaddy. Vendor root programs maintained by Microsoft, Apple, and the Android ecosystem dictate which CA-issued code signing certificates are accepted for kernel modules, drivers, and applications. Extended validation and organization validation policies from the Certificate Authority/Browser Forum and legal frameworks like Federal Information Processing Standards shape issuance. Alternatives include key pinning used by projects like Mozilla and transparency initiatives such as Certificate Transparency logs and auditing by organizations including Electronic Frontier Foundation.
Threats include private key compromise, rogue CA issuance, cross-signing abuse, and supply-chain attacks exemplified by incidents involving vendors like SolarWinds, CCleaner, and breaches tied to Stuxnet-era concerns. Attack vectors exploit vulnerabilities in build systems used by GitHub, Bitbucket, and continuous integration platforms like Jenkins to insert malicious code that is subsequently signed. Countermeasures encompass key management with HSMs, certificate revocation via Online Certificate Status Protocol and CRLs, multi-party signing thresholds from research by National Institute of Standards and Technology, and reproducible builds advocated by Reproducible Builds project contributors and distributions like Debian and Fedora.
Regulatory regimes and legal precedents influence code signing practices through laws and policies enacted by bodies such as the European Union (including General Data Protection Regulation implications), United States Congress statutes, and standards from National Institute of Standards and Technology. Litigation and enforcement actions involving platform operators like Apple and Microsoft have shaped disclosure, liability, and consumer protection principles administered by agencies like the Federal Trade Commission and courts in jurisdictions including the United States District Court system and the European Court of Justice. International trade agreements and export controls from entities such as Bureau of Industry and Security affect cryptographic tool export and cross-border signing operations for companies like Intel Corporation, IBM, and Cisco Systems.
Category:Software security