To close this chapter, we note that there are other ways of signing code to make it trustworthy. For example, for many years, PGP signature certificates have been used for validating programs and announcements distributed over the Internet. Because support for PGP is not built into web servers and browsers, the signature signing and verification must be done as a two-step process. A second drawback is that PGP signatures cannot use the public key infrastructure developed for use with web browsers. A benefit of the use of PGP is that any kind of file, document, or program can be signed with PGP, as PGP signatures can be “detached” and saved in separate locations.
Code Signing URLs
An overview of the World Wide Web Consortium’s Digital Signatures initiative.
Microsoft’s proposal for distributing software safely on the Internet.
Microsoft’s code signing home page.
3.134.78.106