Free Software Magazine: Code Signing Systems
Dec 15, 2005, 07:00 (0 Talkback[s])
(Other stories by Saqib Ali)
[ Thanks to Dave Guard for this
"This article looks at the management of the private key for the
Software Publishing Certificate (SPC). SPCs are used to digitally
sign binaries that are produced by software development vendors.
Digitally signing executables proves the identity of the software
vendor and guarantees that the code has not been altered or
corrupted since it was created and signed. Signing the code
requires access to the SPC and the Private Key (PVK) associated
with the SPC.
"In cryptography, key management includes secure generation,
distribution, and storage of keys. Appropriate and successful key
management is critical to the secure use of every crypto-system