If you are a software publisher or developer planning to distribute code or content over the Internet or through even through an extranet, you take a risk that hackers or other unscrupulous developers  could  try to impersonate you or tamper with your code.  Code Signing Digital IDs protect against these hazards.

Digital IDs are designed for organizations that publish software and commercial software developers. These Digital IDs provide sotware end-users assurance regarding the developers identity and legitimacy, much like a business license.

Features & Benefits of a Code Signing Digital ID

End User Confidence

A Code Signing Digital ID reassures and protects your software buyers by assuring  them that the code they download from your site is just as you created it , without tampering.

Authenticity

Upon download, an end user can be sure that the code they’ve received really came from you. This helps you preserve your professional  reputation and as importantly, your intellectual property. Code Signing certificates allow software buyers to verify the the author of digitally signed code and make contact with them should a problem arise.

Easy Integration with Current and Future Technology Standards

Most major browsers provide protective warnings when code is being installed that is not digitally signed by a rusted Certificate Authority such as VeriSign or Thawte.

Ease of Use

Code signing certificates are easy to use in conjunction with the vendor software tools that developers use to create products, macro’s and objects.

One of the larger questions facing the software industry is this: How can users trust code that is published on the Internet? Currently, most Web pages contain only static information, but soon they will be filled with controls and applications that are downloaded and run locally, on the user’s computer.

Packaged software uses branding and trusted sales outlets to assure users of its integrity, but these are not available when code is transmitted on the Internet. Additionally, there is no guarantee that the code hasn’t been altered while being downloaded. Browsers typically exhibit a warning message explaining the possible dangers of downloading data, but do nothing to actually see whether the code is what it claims to be. A more active approach must be taken to make the Internet a reliable medium for distributing software.

Ensuring Integrity and Authenticity

There are two issues that must be addressed to make the Internet a reliable source for software:

Ensuring authenticity – Assures users that they know where the code came from.
Ensuring integrity – Verifies that the code hasn’t been tampered with since its publication.

Microsoft’s solution to these issues is Microsoft Authenticode coupled with an infrastructure of trusted entities. A discussion of the infrastructure is included in the explanation of certification authorities later in this section. Authenticode, which is based on industry standards, allows developers to include information about themselves and their code with their programs through the use of digital signatures.

While Authenticode itself cannot guarantee that signed code is safe to run, Authenticode is the mechanism by which users can be informed of whether the software publisher is participating in the infrastructure of trusted entities. Thus, Authenticode serves the needs of both software publishers and users who rely upon the Internet for the downloading of software.