Code Signing and Security on the Internet

As you can see, many web pages today have controls and applications that must be downloaded and run locally on the user's computer. This brings up the question of whether to trust the code that you download. After all, ActiveX controls are executable components, so it would be possible to design a control that reformats the hard drive! Internet Explorer now displays a dialog box, similar to the one shown in Figure 4-9, indicating to the user that code is about to be downloaded. The dialog box does give the user the option of not downloading the code, but it is basically up to the user to decide whether the code is safe.

Figure 4-9. Sample of a security dialog box when code is about to be downloaded.

In an effort to address this issue head-on, Microsoft is pioneering a concept called code signing. Code signing is a process by which software manufacturers can digitally "sign" their code. The browser can then match the signature on the code with the manufacturer's known signature to ensure that the code has not been tampered with. To begin this process, the software manufacturer works with a third party, called a certificate authority, to obtain a digital certificate. Once the software manufacturer has finished testing the code, the digital certificate is used to sign the code. Signing the code involves embedding a signature block in the code. The signature block is a structure that contains information about the code, the digital certificate, and the software manufacturer's credentials.

When a browser is preparing to download code that has been signed, a method is required to verify it. Verification involves extracting the information from the signature block, validating the certificate, and determining whether the code has been modified. If the code is determined to be secure, it will be downloaded. Otherwise, a warning is displayed to the user, indicating the potential problem, and the user can decide whether it is safe to download the code.
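The signing and verification steps described in the two paragraphs above, as an added example that is not from the book and not Microsoft's Authenticode implementation. It is a toy in Python: a certificate authority signs the publisher's public key to produce a certificate, the publisher signs a hash of the code and embeds it in a signature block together with the certificate and its credentials, and the verifier checks the certificate against the trusted authority before checking whether the code still matches its signature. Textbook RSA over hard-coded Mersenne primes and the function names (`make_keypair`, `issue_certificate`, `sign_code`, `verify_signed_code`) are assumptions made for illustration; real code signing uses properly generated keys and X.509 certificates.

```python
import hashlib
import json

# Toy textbook-RSA keys built from known Mersenne primes. Constructed for this
# example only: a real signer generates keys of proper size at random.
E = 65537


def make_keypair(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return {"n": n, "e": E}, {"n": n, "d": d}


CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
PUBLISHER_PUB, PUBLISHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)


def digest_int(data: bytes, n: int) -> int:
    """SHA-256 of the data as an integer, reduced into the key's modulus (toy)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(data: bytes, priv) -> int:
    return pow(digest_int(data, priv["n"]), priv["d"], priv["n"])


def rsa_verify(data: bytes, sig: int, pub) -> bool:
    return pow(sig, pub["e"], pub["n"]) == digest_int(data, pub["n"])


def cert_bytes(cert) -> bytes:
    """Canonical encoding of the fields the certificate authority vouches for."""
    fields = {"subject": cert["subject"], "pubkey": cert["pubkey"]}
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(subject: str, subject_pub, ca_priv):
    """The certificate authority binds a publisher name to a public key."""
    cert = {"subject": subject, "pubkey": subject_pub}
    cert["ca_signature"] = rsa_sign(cert_bytes(cert), ca_priv)
    return cert


def sign_code(code: bytes, cert, publisher_priv):
    """Build the signature block: publisher credentials, certificate, signature over the code."""
    return {
        "publisher": cert["subject"],
        "certificate": cert,
        "code_signature": rsa_sign(code, publisher_priv),
    }


def verify_signed_code(code: bytes, block, ca_pub):
    """What the browser does before running the download: validate the
    certificate, then check that the code has not been modified."""
    cert = block["certificate"]
    if not rsa_verify(cert_bytes(cert), cert["ca_signature"], ca_pub):
        return False, "certificate not issued by a trusted authority"
    if not rsa_verify(code, block["code_signature"], cert["pubkey"]):
        return False, "code modified since signing"
    return True, f"signed by {cert['subject']}"


# Constructed sample "control" bytes; any byte string would do.
SAMPLE_CODE = b"MZ\x90\x00 toy ActiveX control image"


def demo():
    """Three outcomes: genuine code, tampered code, and a certificate the CA never issued."""
    cert = issue_certificate("Example Software Co.", PUBLISHER_PUB, CA_PRIV)
    block = sign_code(SAMPLE_CODE, cert, PUBLISHER_PRIV)
    genuine = verify_signed_code(SAMPLE_CODE, block, CA_PUB)
    tampered = verify_signed_code(SAMPLE_CODE + b"\x90", block, CA_PUB)
    # A self-signed certificate: the publisher's key was never vouched for by the CA.
    rogue_cert = issue_certificate("Example Software Co.", PUBLISHER_PUB, PUBLISHER_PRIV)
    rogue_block = sign_code(SAMPLE_CODE, rogue_cert, PUBLISHER_PRIV)
    forged = verify_signed_code(SAMPLE_CODE, rogue_block, CA_PUB)
    return genuine, tampered, forged


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The order of the checks matters: the certificate is validated first, because a signature that verifies under a key nobody trusts says nothing about who produced the code. The untampered case passes both checks, a single changed byte fails the second, and the self-signed certificate fails the first.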

Figure 4-10 shows a sample of what a user might see when downloading software over the Internet using Internet Explorer. It is a mock certificate that displays the credentials of the software that is to be downloaded.

Figure 4-10. A mock code-signature certificate.

In addition to code signing, Internet Explorer also incorporates cryptographic technology. Cryptography is the encoding and decoding of data for secure transmission and storage. Internet Explorer has access to cryptographic functions through the Microsoft Cryptographic Application Programming Interface (CryptoAPI). The CryptoAPI, along with code signing, is expected to provide an environment in which third-party tools flourish and are widely distributed on the Internet.

© 1996 by Scot Hillier. All rights reserved.