Scottsdale, AZ (PRWEB) September 28, 2008
W-Global's new Code Signing Certificates are perfect for software publishers and content providers of ActiveX controls, dynamic link libraries (.dll files), .cab files, HTML content or any other software distributed over the Internet or via an extranet. Time-stamping service provided, allowing distribution of signed code beyond certificate Expiration. Protects your intellectual property by warding off impersonation and tampering. Can be applied to software releases, Microsoft® Office documents with macros, virus updates, firmware images, configuration files and other types of files.
W-Global Code Signing Certificates are fully integrated with Industry-Standard Technology. Code signing certificates are used by content publishers to append digital signatures to their products. These digital signatures prove to consumers of the content the identity of the creator and validate that content has not been tampered with since it was originally distributed. Code signing digital signatures can be used to sign content including software components, macros, firmware images, virus updates, configuration files or other types of content for secure delivery over the Internet or other mechanisms. Code signing has becoming increasingly important, with the rapid growth of Internet distribution of content and tightened security settings in many newer browsers and/or operating systems.
The software publisher requests a code-signing certificate from us. A public key will be created on requestor's machine, either in a file or in the Windows/Internet Explorer certificate store. We never receive the private key. Once the information provided has been validated and the certificate has been issued, we will send an email containing a link to download the certificate file. The publisher creates the software component or other content to be signed. The publisher uses a code-signing tool, supplied by platform vendor, to add a digital signature to the content. An optional time stamp can also be added to the digital signature, to extend the life of the software component beyond the validity period of the code-signing certificate. The digital signature contains an encrypted hash of the software component, which is used to verify that the code has not been tampered with after it is signed. SignTool.exe from Microsoft is used for signing most standard Windows code (.exe., .ocx, .dll, .cab,). The publisher will need to specify the code to be signed, the private key file, the code signing certificate and optionally the time stamping server URL. Jarsigner is used for signing Java applications. Starting with Java 5, jarsigner added support for time stamping. If a time stamp is to be added to the code, an Internet connection is required. The software publisher verifies the digital signature, before distributing the product. SignTool.exe from Microsoft is used for verifying digital signatures for most standard Windows code formats. Newer versions of jarsigner can be used to verify the digital signature in a Java software component.
An end user attempts to execute the software component. The browser or Operating System will inspect the software to make sure it has not been tampered with, since it was signed. If a time stamp is present, the time stamp will be used to verify that the code signing certificate was still valid (had not expired or been revoked) at the time the time stamp was added to the digital signature on the software component.
For more information about W-Global's Code Signing Certificate, visit https://www.w-global.com
14455 North Hayden Rd
- W-Global -
© 2008 W-Global All Rights Reserved.
# # #