Microsoft Authenticode Technology
Microsoft
End users need code verification
Today's Web site is provided to users not only a rich experience, but also possible to include unintentional malicious code. With the growing active content on the Internet, users must regularly determine whether to download code from the Internet. However, before the code is downloaded to their computer, the end user cannot know the function of this part of the program.
Unlike the actual retail environment, the software on the Internet does not make tags or is schematically packaged. Therefore, end users cannot confirm the publisher of the Internet. And if the code has been tampered with them, they cannot know. Therefore, end users will take a certain risk when downloading Java Applets, plug-ins.., The Microsoft® ActiveXTM control, and other executable code.
Internet Explorer 3.0 will then use the code verificationTM (AuthenticodeTM "technology to help end users handle this problem. Before the user downloads the software to their PC, the code verification technology will confirm the publisher of the signature software and verify that the software has been tampered. In this way, end users can make a more comprehensive decision on whether downloading code is downloaded.
How to sign my code
To use code verification technology, you need to download ActiveX SDK to get the tool and you need to download the deeper technical information you want. "The Six Steps to Signing Your Code" Six steps for the code setting signature) Explain how to get your software publisher authentication from Verisign et al. And how to use the tools provided in ActiveX SDK to your code. Set the signature and test. The following content describes the code signature process from a higher level.
Application and Software Publishing Authentication You need to apply from a CA (Certificate Authority, certified authorization) organization that supports code verificationTM technology and gets an individual or commercial software publisher (Individual / Commercial Software Publisher). "Digital Certificates for Authenticode provides more detailed information about the software publisher authentication process. VeriSign is now able to provide digital IDSSSM technology for software publishers (Digital IDSSSSSSM for Software Publishers). You must generate a pair of keys during the application and provide the necessary information to CA. This information should include your name, address, public key, and other related information. Relevant information depends on your application, personal or commercial software publisher certification. CA will test your trust and other indicators according to the material. When you determine that you meet its certification criteria, CA will generate a Software Publisher Certificate that meets the expansion version of the Industrial Standard X.509 Authentication Format 3.0. The authentication determines your identity and contains your public key. It will be saved in CA to view and replicate a copy by email. You should review the content of the certification. After receiving authentication, you have to include a copy of the authentication in all published software with private key signs. Commercial developers are expected to receive reply to them within two weeks. The number of certifications that commercial software publishers can do is unlimited, which helps you determine how you can get authenticated users and how to sign and distribute the code. Signature and Distributive Software Now You can start setting the software settings and distribute them on the Internet. The code signature includes the following steps: