Important Release Information
This release of Authenticode version 2.0 is coupled with Microsoft Internet Explorer version 4.0, and contains changes and enhancements over the previous version that was released with Internet Explorer version 3.02 UPD.
The version of Authenticode that was released with Internet Explorer 3.02 UPD added several important new code-signing features that improve on the initial implementation of Authenticode. Both the code-signing tools and the browsers were updated with a new infrastructure that provides for these features. The two most important features are:
- The addition of a verifiable signature timestamp. Once a software publisher's certificate has expired, there is no way to determine whether the software was signed during the certificate's validity period unless the signature carries a verifiable timestamp. Authenticode version 2.0 incorporates timestamping support in both the signing and verification tools. In addition, VeriSign will be supporting a verifiable timestamping service for Authenticode signing purposes.
- The elimination of 'short lived' certificates from the certificate authority (CA) verification hierarchy. The earlier hierarchy includes certificates which expire on June 30, 1997, so earlier versions of Internet Explorer will be unable to verify Authenticode signatures after that date. Internet Explorer version 3.02 UPD and future versions resolve this by eliminating these certificates. Signatures on certificates issued by VeriSign will properly verify until expiration of the VeriSign root certificate.
This release (with Internet Explorer 4.0) contains the same infrastructure and features as the Internet Explorer 3.02 UPD release. However, to provide a more consistent user interface, many of the command-line option flags have been renamed or changed, and a few have been added.
As a result of these Authenticode improvements, the following steps need to be taken:
- Software publishers need to re-sign their code using the Authenticode version 2.0 tools for Internet Explorer 3.02 UPD or Internet Explorer 4.0 in order for users to be able to verify their signed files after June 30, 1997.
- Users need to upgrade to Internet Explorer version 3.02 UPD or Internet Explorer 4.0 in order to verify signed files after June 30, 1997.
Note that once files are re-signed, users of Internet Explorer versions earlier than 3.02 UPD will not be able to verify the re-signed files unless they upgrade to version 3.02 UPD or version 4.0. After July 1, 1997, however, users of Internet Explorer versions earlier than 3.02 UPD will not be able to verify any signed files, whether or not the files have been re-signed with the new tools. It is clearly in the users' best interest to upgrade to Internet Explorer 3.02 UPD or version 4.0 to be able to continue to verify signed files. Software publishers should therefore be able to re-sign their code using the new tools with confidence that users will be able to verify the files.
Additionally, by using the VeriSign service to timestamp the new signatures, software publishers gain the added benefit that the digital signatures will not need to be re-signed when their own software publishing certificate expires.
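The effect of a verifiable timestamp on verification after the publisher's certificate expires can be shown with a small model. This is an added example, not Microsoft's verification code: the class names, status strings and dates are constructed for illustration, and it models only the publisher certificate's validity window, not the file hash or the CA hierarchy.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after

@dataclass(frozen=True)
class Signature:
    publisher_cert: Cert
    timestamp: Optional[datetime] = None  # time asserted by the timestamping service
    timestamp_verified: bool = False      # True only if the timestamp itself checked out

def signing_time_status(sig: Signature, now: datetime) -> str:
    """Classify a signature against the publisher certificate's validity period."""
    cert = sig.publisher_cert
    if sig.timestamp is not None and sig.timestamp_verified:
        # Verifiable timestamp: judge the certificate at signing time, not at 'now'.
        return "valid" if cert.valid_at(sig.timestamp) else "signed-outside-validity"
    # No usable timestamp: the signing time is unknown, so only 'now' can be checked.
    if cert.valid_at(now):
        return "valid"
    return "not-yet-valid" if now < cert.not_before else "expired-signing-time-unknown"

# Constructed sample data (hypothetical publisher and dates).
CERT = Cert("Example Publisher", datetime(1997, 1, 1), datetime(1998, 1, 1))
UNSTAMPED = Signature(CERT)
STAMPED = Signature(CERT, datetime(1997, 9, 15), timestamp_verified=True)
LATE_STAMP = Signature(CERT, datetime(1998, 3, 1), timestamp_verified=True)
BAD_STAMP = Signature(CERT, datetime(1997, 9, 15), timestamp_verified=False)
BEFORE_EXPIRY = datetime(1997, 10, 1)
AFTER_EXPIRY = datetime(1998, 6, 1)

if __name__ == "__main__":
    for name, sig in [("unstamped", UNSTAMPED), ("stamped", STAMPED),
                      ("late stamp", LATE_STAMP), ("unverifiable stamp", BAD_STAMP)]:
        for when in (BEFORE_EXPIRY, AFTER_EXPIRY):
            print(f"{name:20} checked {when:%Y-%m-%d}: {signing_time_status(sig, when)}")
```

A timestamp that cannot itself be verified is treated the same as no timestamp, which is why the service issuing it has to be one the verifier trusts.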
© 1997 Microsoft Corporation. All rights reserved. Terms of Use.