Internet Spec List

Authenticode Digital Signing Info

Authenticode is Microsoft's Digital Signing system. This provides a mechanism to digitally sign Internet content to validate its authenticity.

Note: Authenticode 1.0 had a serious (though not security-related) defect, which causes all content signed via Authenticode to expire when Microsoft's publisher's certificate expires; which occurred on June 30, 1997.

The result is that:

  • Microsoft released a new Authenticode 2.0 spec.
  • Publishers need to get a new 2.0 signing kit and re-sign their ActiveX and Java applets.
  • Users need to upgrade their IE browsers to 3.02 or later.
This does not affect Netscape or other browsers, nor users with disabled certificate-checking.

References

- Grafman's Security Tips
- Internet Security Protocols
- Trust Verification Services spec
- Publishing Trust Provider spec
- Component Downloading spec

Copyright © 1997 - Grafman Productions - ALL RIGHTS RESERVED
For comments/correction/additions regarding this reference, email specs@graphcomp.com.

Grafman Productions