The ability of users to trust code that is published on the Internet is a major challenge facing the software industry. Similarly, large organizations deploying line of business applications such as enterprise resource planning (ERP) systems must decide what software to trust. Packaged software has traditionally relied upon branding and trusted sales outlets to assure users of the legitimacy and integrity of the software. This is not available when code is transmitted across the Internet. Building trust requires a reliable mechanism by which users can verify the identity of a code publisher and verify that the code has not been changed since its publication date.
Malicious code in the form of viruses, worms, and Trojans is now a serious threat that impacts every computer user, whether network-connected or not. Recent reports indicate that, in the United States alone, the effect of malicious code costs industry and consumers between $427M and $522M in 2004.
This paper describes the role of Microsoft Authenticode code-signing and time-stamping in establishing user trust in code that is published online. It provides an overview of the Authenticode code-signing and time-stamping process and examines the role of public key cryptography in proving the identity of the code publisher and proving that code has not been tampered with since original publication. The paper looks at the importance of protecting the credentials that underpin Authenticode and the role of cryptographic hardware in securing digital keys and certificates.