We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Technology

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What Is Code Signing?

By Alex Newth
Updated: Feb 15, 2024
Views: 4,656
References
Share

Hackers frequently take software — whether offline or online — rearrange and change the code to make it malicious, and then upload it online so users download the free program and the malicious code it contains. To ensure users do not run into this problem, code signing is used. Code signing is a method by which the original programmer or company that made the program signs the program and, when the program is installed, it is authenticated to ensure the program has had no coding added or changed. This does not require any special software on the user’s side, and the user is able to verify the programmer's identity. While this is intended as a form of security, a hacker who creates a program or finds away around a signing can create artificial and misplaced trust.

Programs are constantly sold both online and offline. When someone buys a program offline from a trusted supplier or retailer, the user has very little reason to worry about hackers injecting malicious code into the program. This is because, unless the software developer intentionally made a dangerous program, there is no way for someone to tamper with the software and make it malicious. When a user downloads a program from the Internet, there is no such guarantee.

To protect users who buy or download programs online, code signing is implemented. Code signing is separated into two parts: the developer and the end-user. The developer uses a cryptographic hash, a one-way operation that disguises the code of the program, and then combines his or her private key with the hash. This creates a signature that is implanted onto the program.

When the user receives the program, the second portion of the code signing process occurs. The program examines the certificate and a public key that the programmer placed in the program. Using the public key, the program is able to run the same hash on the current programming, and then it checks the original against the current version being installed. If both the installed program and the original sync up, this shows the user that nothing has been altered. This process is done automatically, and the programs needed for this authentication should be pre-installed on the computer’s operating system (OS).

While code signing is a powerful method for ensuring security, it does have flaws. If the user is downloading a program from a hacker, then the authentication will show the original program is intact. This would lead a user to a false sense of security; the program is made to be malicious, so security is not achieved in this sense. Sophisticated hackers also can get around the hash to inject coding, rendering code signing useless.

Share
WiseGeek is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Link to Sources

Editors' Picks

Discussion Comments
Share
https://www.wise-geek.com/what-is-code-signing.htm
Copy this link
WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.

WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.