Distribution Unit Signing and Security


With the Microsoft development environment, you can sign your cabinet and setup files with a digital identification. You can use digital signing to help your users trust the contents of your distribution units, by ensuring the distribution unit is authentic and has not been tampered with.

When signing distribution units, you should understand:

  • Digital signatures in the development environment.

  • Acquiring a certificate.

  • How a digital signature works.

  • Keeping your private key secure.

Digital Signatures in the Development Environment

You can sign distribution units in the development environment with two kinds of signature certificates.

  • The Visual Studio test certificate

  • An individual or corporate certificate

The Visual Studio test certificate is provided for you to test the behavior of a signed distribution unit, but should not be used to sign components that you want to distribute. The text on the Visual Studio test certificate indicates that components signed with it should not be trusted.

A certificate authority issues an individual or corporate certificate to identify an individual or corporation. It is made up of two components: the certificate file and a private key. Both are required to sign a distribution unit. Additionally, you can specify the URL of a timestamp server that will record on the distribution unit the date that it was signed. Any distribution units you provide for commercial purposes or to other people should have your own certificate file attached (rather than the test certificate).

A certificate is a set of data that identifies the original creator of the file, and the time and date of the file's creation (timestamp) as registered with a certificate authority. The data set in a certificate includes your public key. When you sign a file with your private key, the recipient of the file can use the public key (retrieved from the certificate you sent or from the certificate authority) to verify your identity.

To check or change the signing settings for your distribution unit, see the property pages for the Visual J++ or distribution unit project. For cabinet projects, see the cabinet's main property tab of the property page dialog box. For setup projects, see the Signing tab of the property page dialog box.

The default signature settings for the development environment are set in the Security Page, located on the Options dialog box, under the Tools menu. These settings include whether files are signed at all, signed with the test certificate, or signed with the custom certificate you provide, and are the default values for signing cabinet projects and setup projects. The settings are copied automatically from this Options page to the project's property page for signing; you can then modify them to suit the needs of the particular project you created.

Acquiring a Certificate

To get a certificate, you need to provide information about yourself to a certificate authority, for example, Verisign, Inc. If you are applying as a representative of your corporation, you need to give the certificate authority all your personal information, pledge that your software will cause no harm to another's computer or software, and provide the Dun & Bradstreet Rating for your corporation. If you are applying for individual certification, you need to provide your personal identification and pledge that your software does not knowingly contain any harmful elements to another computer or another's code.

Understanding How a Digital Signature Works

Digital signing attaches an identity to a distribution unit that says where the code came from.

Signing a distribution unit with a digital signature does not alter the contents of the distribution unit; the digital signature is bundled with the data. There are two parts to a digital signature: the public key and the private key. They are the two halves of one key pair used by the signing algorithm. The public key is available to everyone. The private key is available only to the owner of that digital signature.

When you sign a file, your private key encrypts a special cryptographic digest of the file; that encrypted digest is the signature that travels with the file. When the file and the signature arrive, the recipient browser produces its own cryptographic digest of the file, then uses the public key to decrypt the signature and recover the digest that was signed. If the two digests match, the file came from the holder of the private key and was not tampered with. Note that the receiving browser decrypts the signature with the public key, not the file: the file contents themselves are never encrypted.
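The sign-and-verify steps described above, as an added example written for this page in Go with only the standard library (not code from the original documentation or from Visual Studio). The choice of RSA PKCS#1 v1.5 over SHA-256 is an assumption, since the page names no algorithm, and the cabinet contents are a constructed stand-in; the second run shows that a one-bit change in transit makes the recomputed digest disagree with the signed one.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedUnit bundles the unaltered contents with their signature, as the page
// describes: the signature travels with the data, the data itself is not changed.
type SignedUnit struct {
	Content   []byte
	Signature []byte
}

// Sign digests the contents and signs the digest with the private key
// (RSA PKCS#1 v1.5 over SHA-256 is an assumed choice; the page names none).
func Sign(priv *rsa.PrivateKey, content []byte) (SignedUnit, error) {
	digest := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return SignedUnit{}, err
	}
	return SignedUnit{Content: content, Signature: sig}, nil
}

// Verify is the recipient's side: recompute the digest of the received bytes
// and check the signature against it with the sender's public key.
func Verify(pub *rsa.PublicKey, unit SignedUnit) bool {
	digest := sha256.Sum256(unit.Content)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], unit.Signature) == nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the certificate's key pair
	if err != nil {
		panic(err)
	}
	cab := []byte("constructed stand-in for a cabinet file's bytes")
	unit, err := Sign(priv, cab)
	if err != nil {
		panic(err)
	}
	fmt.Println("untouched unit verifies:", Verify(&priv.PublicKey, unit))
	// Flip one bit in transit: the digests no longer match and verification fails.
	tampered := SignedUnit{Content: append([]byte{}, cab...), Signature: unit.Signature}
	tampered.Content[0] ^= 0x01
	fmt.Println("tampered unit verifies:", Verify(&priv.PublicKey, tampered))
}
```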

Keeping Your Private Key Secure

Once you receive your own digital signing certificates, keep your private key as secure as possible. If another person got hold of your private key, they could distribute information on the Internet or intranet in your name. Specifically, do not place your private key on removable media or on shared drives, and do not send it in e-mail.