Microsoft Authenticode, which is based on industry standards, allows developers to include information about themselves and their code with their programs through the use of digital signatures.
This section lists required files, briefly discusses the X.509 protocol structure for public-key certificates, and suggests further reading. New Authenticode behavior for Windows XP Service Pack 2 (SP2) is also discussed.
Important Release Information
Authenticode version 2.0 was coupled with Microsoft Internet Explorer 4.0, and it contains changes and enhancements over the previous version of Authenticode, which was released with Microsoft Internet Explorer 3.02 UPD. Another version of Authenticode was released for Microsoft Internet Explorer 5 and later.
Introduction to Code Signing
Packaged software uses branding and trusted sales outlets to assure users of its integrity, but these are not available when code is transmitted on the Internet. Additionally, there is no guarantee that the code hasn't been altered while being downloaded. Browsers typically display a warning message explaining the possible dangers of downloading data, but do nothing to verify that the code is what it claims to be. A more active approach must be taken to make the Internet a reliable medium for distributing software.
Signing and Checking Code with Authenticode
This section demonstrates how to sign code by creating digital signatures and associating them with files using Authenticode technology. Creating a fully verifiable certificate might assume the existence of a complex hierarchy of certification authorities. A root certificate and a root private key are provided for testing purposes only. Independent software vendors (ISVs) must obtain a certificate from a certification authority that is trusted by default in Windows. (For a list of trusted certification authorities (CAs), see Microsoft Root Certificate Program Members.)
Signing Code with Microsoft Authenticode Technology