Javascript Menu by Deluxe-Menu.com
Provider of 128 bit ssl
Network Security
 

Code Signing Certificates

     Code Signing Process

 
 

 


The process is outlined below

  1. Publisher obtains a Code Signing Digital ID from EBIZID.
  2. Publisher creates code.
  3. Using the SIGNCODE.EXE utility, the publisher:
    • Creates a hash of the code, using an algorithm such as MD5 or SHA,
    • Encrypts the hash using his/her private key,
    • Creates a package containing the code, the encrypted hash, and the publisher's certificate.
  4. The end user encounters the package.
  5. The end user's Microsoft browser examines the publisher's Digital ID. Using the EBIZID root Public Key, which is already embedded in Authenticode-enabled applications, the end user browser verifies the authenticity of the Code Signing Digital ID (which is itself signed by the EBIZID root Private Key).
  6. Using the publisher's public key contained within the publisher's Digital ID, the end user browser decrypts the signed hash.
  7. The end user browser runs the code through the same hashing algorithm as the publisher, creating a new hash.
  8. The end user browser compares the two hashes. If they are identical, the browser messages that the content has been verified by EBIZID, and the end user has confidence that the code was signed by the publisher identified in the Digital ID, and that the code hasn't been altered since it was signed.

The entire process is seamless and transparent to end users, who see only a message that the content was signed by its publisher and verified by EBIZID.

The Six Steps to Signing Code

These instructions provide an overview of obtaining and using Microsoft Authenticode and a Code Signing Digital ID from EBIZID.

Step 1: Make Sure that you Are Running the Correct Versions of all Tools:

These include:

  • Internet Explorer 4.0 or later
  • Internet Client SDK

Step 2: Apply for a Code Signing ID for Authenticode from EBIZID

In the process of applying for a Code Signing ID, your browser will generate a private key. You should store this private key (called MyPrivateKey.pvk) on a floppy disk, which is stored in a safe deposit box or other secure location. Please make a back-up copy of this private key, as you will need this key to sign code. This key is never sent to EBIZID, so if you lose this private key, you will be unable to sign code. If this key is lost or stolen, please contact EBIZID immediately.

Step 3: Pick up your Digital ID

Once you have completed the application process, EBIZID will take a number of steps to verify your identity. For commercial publishers, EBIZID does a considerable amount of background checking. As a result, it will take approximately 3-5 days to verify your information and issue a Digital ID.

At the end of this process, EBIZID will send you an e-mail containing a PIN (Personal Identification Number). Follow the instructions in this e-mail to pick up your Digital ID. Save your Digital ID as a file (e.g. MyCredentials.spc).

Please note that you must use the same machine to apply for and obtain your Digital ID. You can then use the private key and Digital ID to sign files on a different machine.

Step 4: Prepare your Files to be Signed

If you are building any PE file (.exe, .ocx, .dll or other), you need not do anything special. For cab files, you need to add the following entry to your .ddf file before creating the cab file: Set ReservePerCabinetSize=6144

Step 5. Sign your Files

You can now sign your .exe, or .cab, .ocx, or .dll file. To sign, you will use the SIGNCODE.EXE utility included in the ActiveX SDK. You will also need your Digital ID file (generally called MyCredentials.spc) and the diskette containing your private key (MyPrivateKey.pvk).

Signcode should be used from the MS-DOS prompt.

Step 6: Test Your Signature

The Microsoft SDK contains a utility called chktrust.exe. This may be used to check your signature before distributing your file.

To test a signed .exe, .dll or .ocx file, run chktrust filename
To test a signed cab file, run chktrust -c cabfilename.cab

If your signing process was OK, this will bring up a certificate. Congratulations, you have just digitally signed your file. When this file is downloaded from a Web site by Internet Explorer, it will display the same certificate to the user. If the file is tampered with in any way after it has been signed, the user will be notified and given the option of refusing installation.

Conclusion

Microsoft and EBIZID are committed to making the Internet a secure and viable platform for commerce and the distribution of content. With Authenticode and EBIZID's Code Signing Digital IDs, your code will be as safe and trustworthy to your customers as it would be if you shrink-wrapped it and sold it off a store shelf.

ORDER NOW!

 

 

 
 

 

 SSL | SSL Wildcard Certificates  | Secure Email Encryption | 128 Bit Encryption | SSL Authentication | Secure Server | SSL Index | PKI Services
© EBIZID™ Security Services 2001-2010