|
|
(2 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| <!--
| | #redirect [[Security_notes_/_Message_signing_notes#Code_signing]] |
| | |
| Code signing refers to message signing of a executable or script,
| |
| * to help prove it was not changed in transit, and/or
| |
| * to prove and was made by who says made it
| |
| | |
| A hash would be enough for the former, but asymmetric cryptography is better for the second.
| |
| | |
| ()
| |
| | |
| | |
| | |
| Code signing is only as strong as your checks.
| |
| | |
| Since you're unlikely to do these yourself, or do them properly (as unlikely as you are to check keys via a trusted third channel like you should),
| |
| code signing is mostly meaningful when it comes to the assurances of some intermediate.
| |
| | |
| See e.g. window's driver signing.
| |
| | |
| And, to a lesser degree, app stores.
| |
| | |
| -->
| |