{
	"id": "60202450-e573-4297-a219-adf595c5eb2d",
	"created_at": "2026-04-06T00:12:33.818516Z",
	"updated_at": "2026-04-10T03:24:15.693638Z",
	"deleted_at": null,
	"sha1_hash": "ca1fb66fa7605ccf0176b674e1d5dfade7f671bb",
	"title": "Code signing",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 140555,
	"plain_text": "Code signing\r\nBy Contributors to Wikimedia projects\r\nPublished: 2006-01-19 · Archived: 2026-04-05 17:13:36 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nCode signing is the process of digitally signing executables and scripts to confirm the software author and\r\nguarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a\r\ncryptographic hash to validate authenticity and integrity.\r\n[1]\r\n Code signing was invented in 1995 by Michael Doyle,\r\nas part of the Eolas WebWish browser plug-in, which enabled the use of public-key cryptography to sign\r\ndownloadable Web app program code using a secret key, so the plug-in code interpreter could then use the\r\ncorresponding public key to authenticate the code before allowing it access to the code interpreter's APIs.[2][3]\r\nCode signing can provide several valuable features. The most common use of code signing is to provide security\r\nwhen deploying; in some programming languages, it can also be used to help prevent namespace conflicts. Almost\r\nevery code signing implementation will provide some sort of digital signature mechanism to verify the identity of\r\nthe author or build system, and a checksum to verify that the object has not been modified. It can also be used to\r\nprovide versioning information about an object or to store other metadata about an object.[4]\r\nThe efficacy of code signing as an authentication mechanism for software depends on the security of underpinning\r\nsigning keys. As with other public key infrastructure (PKI) technologies, the integrity of the system relies on\r\npublishers securing their private keys against unauthorized access. Keys stored in software on general-purpose\r\ncomputers are susceptible to compromise. Therefore, it is more secure, and best practice, to store keys in secure,\r\ntamper-proof, cryptographic hardware devices known as hardware security modules or HSMs.\r\n[5]\r\nMany code signing implementations will provide a way to sign the code using a system involving a pair of keys,\r\none public and one private, similar to the process employed by TLS or SSH. For example, in the case of .NET, the\r\ndeveloper uses a private key to sign their libraries or executables each time they build. This key will be unique to a\r\ndeveloper or group or sometimes per application or object. The developer can either generate this key on their\r\nown or obtain one from a trusted certificate authority (CA).[6]\r\nCode signing is particularly valuable in distributed environments, where the source of a given piece of code may\r\nnot be immediately evident - for example Java applets, ActiveX controls and other active web and browser\r\nscripting code. Another important usage is to safely provide updates and patches to existing software.[7] Windows,\r\nMac OS X, and most Linux distributions provide updates using code signing to ensure that it is not possible for\r\nothers to maliciously distribute code via the patch system. It allows the receiving operating system to verify that\r\nthe update is legitimate, even if the update was delivered by third parties or physical media (disks).[8]\r\nCode signing is used on Windows and Mac OS X to authenticate software on first run, ensuring that the software\r\nhas not been maliciously tampered with by a third-party distributor or download site. This form of code signing is\r\nnot used on Linux because of that platform's decentralized nature, the package manager being the predominant\r\nhttps://en.wikipedia.org/wiki/Code_signing\r\nPage 1 of 7\n\nmode of distribution for all forms of software (not just updates and patches), as well as the open-source model\r\nallowing direct inspection of the source code if desired. Debian-based Linux distributions (among others) validate\r\ndownloaded packages using public key cryptography.\r\n[9]\r\nTrusted identification using a certificate authority (CA)\r\n[edit]\r\nThe public key used to authenticate the code signature should be traceable back to a trusted root authority CA,\r\npreferably using a secure public key infrastructure (PKI). This does not ensure that the code itself can be trusted,\r\nonly that it comes from the stated source (or more explicitly, from a particular private key).[10] A CA provides a\r\nroot trust level and is able to assign trust to others by proxy. If a user trusts a CA, then the user can presumably\r\ntrust the legitimacy of code that is signed with a key generated by that CA or one of its proxies. Many operating\r\nsystems and frameworks contain built-in trust for one or more certification authorities. It is also commonplace for\r\nlarge organizations to implement a private CA, internal to the organization, which provides the same features as\r\npublic CAs, but it is only trusted within the organization.\r\nExtended validation (EV) code signing\r\n[edit]\r\nExtended validation (EV) code signing certificates are subject to additional validation and technical requirements.\r\nThese guidelines are based on the CA/B Forum's Baseline Requirements and Extended Validation Guidelines. In\r\naddition to validation requirements specific to EV, the EV code signing guidelines stipulate that \"the Subscriber's\r\nprivate key is generated, stored and used in a crypto module that meets or exceeds the requirements of FIPS 140-2\r\nlevel 2.\"[11]\r\nCertain applications, such as signing Windows 10 kernel-mode drivers, require an EV code signing certificate.[12]\r\nAdditionally, Microsoft's IEBlog states that Windows programs \"signed by an EV code signing certificate can\r\nimmediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that\r\nfile or publisher.\"[13]\r\nSample EV code signing certificate\r\n[edit]\r\nThis is an example of a decoded EV code signing certificate used by SSL.com to sign software. SSL.com EV Code\r\nSigning Intermediate CA RSA R3 is shown as the Issuer's commonName, identifying this as an EV code signing\r\ncertificate. The certificate's Subject field describes SSL Corp as an organization. Code Signing is shown as\r\nthe sole X509v3 Extended Key Usage.\r\nCertificate:\r\n Data:\r\n Version: 3 (0x2)\r\n Serial Number:\r\nhttps://en.wikipedia.org/wiki/Code_signing\r\nPage 2 of 7\n\n59:4e:2d:88:5a:2c:b0:1a:5e:d6:4c:7b:df:35:59:7d\r\n Signature Algorithm: sha256WithRSAEncryption\r\n Issuer:\r\n commonName = SSL.com EV Code Signing Intermediate CA RSA R3\r\n organizationName = SSL Corp\r\n localityName = Houston\r\n stateOrProvinceName = Texas\r\n countryName = US\r\n Validity\r\n Not Before: Aug 30 20:29:13 2019 GMT\r\n Not After: Nov 12 20:29:13 2022 GMT\r\n Subject:\r\n 1.3.6.1.4.1.311.60.2.1.3 = US\r\n 1.3.6.1.4.1.311.60.2.1.2 = Nevada\r\n streetAddress = 3100 Richmond Ave Ste 503\r\n businessCategory = Private Organization\r\n postalCode = 77098\r\n commonName = SSL Corp\r\n serialNumber = NV20081614243\r\n organizationName = SSL Corp\r\n localityName = Houston\r\n stateOrProvinceName = Texas\r\n countryName = US\r\n Subject Public Key Info:\r\n Public Key Algorithm: rsaEncryption\r\n Public-Key: (2048 bit)\r\n Modulus:\r\n 00:c3:e9:ae:be:d7:a2:6f:2f:24 ...\r\n Exponent: 65537 (0x10001)\r\n X509v3 extensions:\r\n X509v3 Authority Key Identifier:\r\n keyid:36:BD:49:FF:31:2C:EB:AF:6A:40:FE:99:C0:16:ED:BA:FC:48:DD:5F\r\n \r\n Authority Information Access:\r\n CA Issuers - URI:http://www.ssl.com/repository/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R\r\n OCSP - URI:http://ocsps.ssl.com\r\n \r\n X509v3 Certificate Policies:\r\n Policy: 2.23.140.1.3\r\n Policy: 1.2.616.1.113527.2.5.1.7\r\n Policy: 1.3.6.1.4.1.38064.1.3.3.2\r\n CPS: https://www.ssl.com/repository\r\n \r\n X509v3 Extended Key Usage:\r\n Code Signing\r\n X509v3 CRL Distribution Points:\r\n \r\nhttps://en.wikipedia.org/wiki/Code_signing\r\nPage 3 of 7\n\nFull Name:\r\n URI:http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl\r\n \r\n X509v3 Subject Key Identifier:\r\n EC:6A:64:06:26:A7:7A:69:E8:CC:06:D5:6F:FA:E1:C2:9A:29:79:DE\r\n X509v3 Key Usage: critical\r\n Digital Signature\r\n Signature Algorithm: sha256WithRSAEncryption\r\n 17:d7:a1:26:58:31:14:2b:9f:3b ...\r\nThe other model is the trust on first use model, in which developers can choose to provide their own self-generated key. In this scenario, the user would normally have to obtain the public key in some fashion directly\r\nfrom the developer to verify the object is from them for the first time. Many code signing systems will store the\r\npublic key inside the signature. Some software frameworks and OSs that check the code's signature before\r\nexecuting will allow you to choose to trust that developer from that point on after the first run. An application\r\ndeveloper can provide a similar system by including the public keys with the installer. The key can then be used to\r\nensure that any subsequent objects that need to run, such as upgrades, plugins, or another application, are all\r\nverified as coming from that same developer.\r\nTime-stamping was designed to circumvent the trust warning that will appear in the case of an expired certificate.\r\nIn effect, time-stamping extends the code trust beyond the validity period of a certificate.[14]\r\nIn the event that a certificate has to be revoked due to a compromise, a specific date and time of the compromising\r\nevent will become part of the revocation record. In this case, time-stamping helps establish whether the code was\r\nsigned before or after the certificate was compromised.[14]\r\nDevelopers need to sign their iOS and tvOS apps before running them on any real device and before uploading\r\nthem to the App Store. This is needed to prove that the developer owns a valid Apple Developer ID. An\r\napplication needs a valid profile or certificate so that it can run on the devices.[15]\r\nLike any security measure, code signing can be defeated. Users can be tricked into running unsigned code, or even\r\ninto running code that refuses to validate, and the system only remains secure as long as the private key remains\r\nprivate.[16][17]\r\nIt is also important to note that code signing does not protect the end user from any malicious activity or\r\nunintentional software bugs by the software author — it merely ensures that the software has not been modified\r\nby anyone other than the author. Sometimes, sandbox systems do not accept certificates, because of a false time-stamp or because of an excess usage of RAM.\r\nMicrosoft implements a form of code signing (based on Authenticode) provided for Microsoft tested drivers.\r\nSince drivers run in the kernel, they can destabilize the system or open the system to security holes. For this\r\nreason, Microsoft tests drivers submitted to its WHQL program. After the driver has passed, Microsoft signs that\r\nversion of the driver as being safe. On 32-bit systems only, installing drivers that are not validated with Microsoft\r\nis possible after agreeing to allow the installation at a prompt warning the user that the code is unsigned. For .NET\r\n(managed) code, there is an additional mechanism called Strong Name Signing that uses Public/Private keys and\r\nhttps://en.wikipedia.org/wiki/Code_signing\r\nPage 4 of 7\n\nSHA-1 hash as opposed to certificates. However, Microsoft discourages reliance on Strong Name Signing as a\r\nreplacement for Authenticode.[18]\r\nThe Code Signing Working Group of the CA/Browser Forum decided that starting June 1, 2023, all code signing\r\ncertificates (not only the EA ones) should mandate private key storage on a physical media, such as in a hardware\r\ncrypto module conforming to at least FIPS 140-2 Level 2 or Common Criteria EAL 4+.[19] The CAs subsequently\r\nissued announcements on compliance with the decision.[20][21][22][23][24][25][26]\r\nUnsigned code in gaming and consumer devices\r\n[edit]\r\nIn the context of consumer devices such as games consoles, the term \"unsigned code\" is often used to refer to an\r\napplication which has not been signed with the cryptographic key normally required for software to be accepted\r\nand executed. Most console games have to be signed with a secret key designed by the console maker or the game\r\nwill not load on the console (both to enforce Vendor lock-in and combat software piracy). There are several\r\nmethods to get unsigned code to execute which include software exploits, the use of a modchip, a technique\r\nknown as the swap trick or running a softmod.\r\nIt may not initially seem obvious why simply copying a signed application onto another DVD does not allow it to\r\nboot. On the Xbox, the reason for this is that the Xbox executable file (XBE) contains a media-type flag, which\r\nspecifies the type of media that the XBE is bootable from. On nearly all Xbox software, this is set such that the\r\nexecutable will only boot from factory-produced discs, so simply copying the executable to burnable media is\r\nenough to stop the execution of the software.\r\nHowever, since the executable is signed, simply changing the value of the flag is not possible as this alters the\r\nsignature of the executable, causing it to fail validation when checked.\r\nDigital signature\r\niOS jailbreaking\r\nPlayStation Portable homebrew\r\nPrivilege escalation\r\nRooting (Android OS)\r\nSymbian OS Security bypass\r\n1. ^ \"Introduction to Code Signing (Windows)\". learn.microsoft.com. August 15, 2017. Archived from the\r\noriginal on February 6, 2024. Retrieved March 13, 2024.\r\n2. ^ \"WebWish: Our Wish is Your Command\".\r\n3. ^ Schroeder, H and Doyle, M. “Interactive Web Applications with Tcl/Tk”. Academic Professional, Boston,\r\n1998, p. 14, ISBN 0122215400.\r\n4. ^ Hendric, William (2015). \"A Complete overview of Trusted Certificates - CABForum\" (PDF). Archived\r\n(PDF) from the original on 2019-04-22. Retrieved 2015-02-26.\r\n5. ^ \"Securing your Private Keys as Best Practice for Code Signing Certificates\" (PDF).\r\nhttps://en.wikipedia.org/wiki/Code_signing\r\nPage 5 of 7\n\n6. ^ Hendric, William (17 June 2011). \"What is Code Signing?\". Archived from the original on 20 June 2018.\r\nRetrieved 26 February 2015.\r\n7. ^ \"Digital Signatures and Windows Installer - Win32 apps\". learn.microsoft.com. January 7, 2021.\r\nArchived from the original on January 30, 2024. Retrieved March 13, 2024.\r\n8. ^ windows-driver-content (2022-05-18). \"Windows Secure Boot Key Creation and Management\r\nGuidance\". learn.microsoft.com. Archived from the original on 2023-10-30. Retrieved 2023-09-22.\r\n9. ^ \"SecureApt - Debian Wiki\". wiki.debian.org. Archived from the original on 2019-05-07. Retrieved 2019-\r\n05-07.\r\n10. ^ \"Code signing\" (PDF). 2014-02-26. Archived (PDF) from the original on 2014-02-26. Retrieved 2014-\r\n02-21.\r\n11. ^ \"Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates\"\r\n(PDF). CA/Browser Forum. Archived (PDF) from the original on 27 November 2019. Retrieved 4\r\nDecember 2019.\r\n12. ^ \"Driver Signing Policy\". Microsoft. Archived from the original on 9 December 2019. Retrieved 9\r\nDecember 2019.\r\n13. ^ \"Microsoft SmartScreen \u0026 Extended Validation (EV) Code Signing Certificates\". Microsoft. 14 August\r\n2012. Archived from the original on 9 December 2019. Retrieved 9 December 2019.\r\n14. ^ Jump up to: a\r\n \r\nb\r\n Morton, Bruce. \"Code Signing\" (PDF). CASC. Archived (PDF) from the original on 26\r\nFebruary 2014. Retrieved 21 February 2014.\r\n15. ^ \"Distributing your app to registered devices\". Apple Developer Documentation. Archived from the\r\noriginal on 2024-03-13. Retrieved 2024-01-15.\r\n16. ^ \"Fake antivirus solutions increasingly have stolen code-signing certificates\". 9 January 2014. Archived\r\nfrom the original on 16 April 2014. Retrieved 14 April 2014.\r\n17. ^ \"Why Private Keys Are the Achilles' Heel of Code Signing Security\".\r\n18. ^ \".NET Security Blog\". learn.microsoft.com. August 6, 2021. Archived from the original on January 19,\r\n2024. Retrieved March 13, 2024.\r\n19. ^ \"Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing\r\nCertificates\" (PDF). CA/Browser Forum. 2024. p. 10. Archived (PDF) from the original on March 13,\r\n2024. Retrieved March 22, 2024. “(Section 1.2.2) [...] Effective June 1, 2023, for Code Signing\r\nCertificates, CAs SHALL ensure that the Subscriber's Private Key is generated, stored, and used in a\r\nsuitable Hardware Crypto Module that meets or exceeds the requirements specified in section 6.2.7.4.1\r\nusing one of the methods in 6.2.7.4.2.”\r\n20. ^ \"Code Signing - Storage of Private Keys | SignPath\". SignPath - Code Signing Simple and Secure.\r\nArchived from the original on 2024-03-08. Retrieved 2024-03-13.\r\n21. ^ \"Code signing changes in 2021\". knowledge.digicert.com. Archived from the original on 2023-12-10.\r\nRetrieved 2024-03-13.\r\n22. ^ \"DigiCert timeline: Code signing's new private key storage requirement\". knowledge.digicert.com.\r\nArchived from the original on 2023-12-08. Retrieved 2024-03-13.\r\n23. ^ \"New private key storage requirement for Code Signing certificates\". knowledge.digicert.com. Archived\r\nfrom the original on 2024-02-19. Retrieved 2024-03-13.\r\n24. ^ \"[CSCWG-public] Voting results Ballot CSCWG-17: Subscriber Private Key Extension\". 26 September\r\n2022. Archived from the original on 2022-12-05. Retrieved 2024-03-13.\r\nhttps://en.wikipedia.org/wiki/Code_signing\r\nPage 6 of 7\n\n25. ^ \"Code Signing Key Storage Requirements Will Change on June 1, 2023\". Archived from the original on\r\nOctober 2, 2023. Retrieved March 13, 2024.\r\n26. ^ \"460 Day Code Signing Certificate Validity (Update)\". SignMyCode. 7 February 2026. Archived from the\r\noriginal on 7 February 2026. Retrieved February 16, 2026.\r\nApple Code Signing Guide\r\nMicrosoft Introduction to Code Signing\r\nDebian Security Infrastructure\r\nStrong Distribution HOWTO\r\nSource: https://en.wikipedia.org/wiki/Code_signing\r\nhttps://en.wikipedia.org/wiki/Code_signing\r\nPage 7 of 7",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://en.wikipedia.org/wiki/Code_signing"
	],
	"report_names": [
		"Code_signing"
	],
	"threat_actors": [
		{
			"id": "f276b8a6-73c9-494a-8ab2-13e2f1da4c53",
			"created_at": "2022-10-25T16:07:24.441133Z",
			"updated_at": "2026-04-10T02:00:04.993411Z",
			"deleted_at": null,
			"main_name": "Achilles",
			"aliases": [],
			"source_name": "ETDA:Achilles",
			"tools": [
				"RDP",
				"Remote Desktop Protocol"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434353,
	"ts_updated_at": 1775791455,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ca1fb66fa7605ccf0176b674e1d5dfade7f671bb.pdf",
		"text": "https://archive.orkl.eu/ca1fb66fa7605ccf0176b674e1d5dfade7f671bb.txt",
		"img": "https://archive.orkl.eu/ca1fb66fa7605ccf0176b674e1d5dfade7f671bb.jpg"
	}
}