What is the code signing PKI?

The code signing PKI guarantees the authenticity of publishers and the integrity of their software.

Code signing process

Similar to the Web's PKI, the process begins with applying for a code signing certificate from a CA. The application requires the publisher to submit a newly generated public key (the associated private key is kept securely on the publisher's side) and proof of the publisher's identity, such as a photo ID. After verifying the publisher's identity, the CA issues a code signing certificate that follows the X.509 v3 certificate standard.

The publisher uses the private key associated with the certificate to sign his/her software. If he/she wants to extend the trust in the signed program beyond the certificate's expiration date, he/she can use the trust timestamping mechanism. When signing the software, the hash value of the software is computed and that hash value is signed with his/her private key. The signature and the certificate (or the certificate chain) are bundled with the original software.

On the client side, clients use the public key embedded in the certificate to verify the signature. If the signature verifies, the software has not been altered since it was signed.

What is the distinct difference between the code signing PKI and the Web's PKI (TLS)?

Trust Timestamping

In the Web's PKI, after a TLS certificate expires, the certificate and the associated domain are no longer valid. However, in the code signing PKI, as long as a signed binary sample carries a trust timestamp, it can remain valid even after its certificate expires.

To obtain a trust timestamp, the hash value of the binary sample to be signed is sent to a Time Stamping Authority (TSA) server. The TSA server creates a timestamp of the current time and signs it with its private key to guarantee the integrity of the trust timestamp. The issued trust timestamp and its signature are sent to the publisher, and they are bundled with the original software.
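The signing, timestamping and client-side verification steps described above, as an added sketch that is not part of the original page. The toy RSA keys, the CERT fields and all function names are constructed for illustration; the rule that a timestamp only counts if it falls inside the certificate's validity window is an assumption about verifier policy, and chain and revocation checks are left out.

```python
import hashlib
from datetime import datetime, timezone

def make_key(p, q, e=65537):
    # Toy textbook RSA from small Mersenne primes: constructed, insecure.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def _m(data, key):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % key["n"]

def rsa_sign(data, key):           # uses the private exponent d
    return pow(_m(data, key), key["d"], key["n"])

def rsa_verify(data, sig, key):    # uses only the public values n and e
    return pow(sig, key["e"], key["n"]) == _m(data, key)

PUBLISHER = make_key(2**127 - 1, 2**89 - 1)   # publisher's key pair
TSA = make_key(2**107 - 1, 2**61 - 1)         # timestamp authority's key pair
UTC = timezone.utc
CERT = {"key": PUBLISHER,                     # hypothetical certificate fields
        "not_before": datetime(2020, 1, 1, tzinfo=UTC),
        "not_after": datetime(2021, 1, 1, tzinfo=UTC)}

def tsa_stamp(file_hash, now):
    # The TSA binds the submitted hash to its own clock and signs both.
    ts = now.isoformat()
    return {"time": ts, "sig": rsa_sign(file_hash + ts.encode(), TSA)}

def sign_software(software, now, timestamp=True):
    file_hash = hashlib.sha256(software).digest()
    bundle = {"sig": rsa_sign(file_hash, PUBLISHER)}  # sign the hash
    if timestamp:
        bundle["ts"] = tsa_stamp(file_hash, now)
    return bundle

def verify(software, bundle, cert, now):
    file_hash = hashlib.sha256(software).digest()
    if not rsa_verify(file_hash, bundle["sig"], cert["key"]):
        return "invalid: software altered or wrong key"
    if cert["not_before"] <= now <= cert["not_after"]:
        return "valid"
    ts = bundle.get("ts")          # certificate expired: fall back to timestamp
    if ts is None:
        return "invalid: certificate expired, no timestamp"
    if not rsa_verify(file_hash + ts["time"].encode(), ts["sig"], TSA):
        return "invalid: timestamp signature bad"
    signed_at = datetime.fromisoformat(ts["time"])
    if cert["not_before"] <= signed_at <= cert["not_after"]:  # assumed policy
        return "valid (timestamped before expiry)"
    return "invalid: timestamped outside certificate validity"
```

Verifying the same bundle during and after the certificate's validity period shows the contrast with TLS: the untimestamped signature stops verifying at expiry, the timestamped one does not.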

Used to sign an unlimited number of binary samples

Unlike TLS, where a certificate is bound to only one domain, in the code signing PKI a code signing certificate can be used to sign an unlimited number of binary samples. This makes it difficult for CAs, security companies, and publishers to discover compromised certificates as well as the malware samples signed with a compromised certificate.