Hi, my name is Harry. In this blog, I will explain about the digital signature and how it works.
The digital signature is a fixed-length produced from a hash function value that is encrypted with a private key. This digital signature act as a stamp of approval for the software, documents, or a message. Technically, when something is digitally signed it ensures that came from the original publisher and protects from alteration after publication.
Why is it important to know about this?
Well, imagine if you downloaded a software, you want to make sure it legally came from the original publisher, company or vendor before installation. When a software publisher wants its product legitimacy and integrity then a digital signature must be obtained.
Lists of Digital Signature Providers
If you are not tech savvy that’s fine, as long as you will check the software if its trusted or not, and do a bit research by its name before you use it.
Example of a warning in windows OS when verification didn’t happen
How to check the software if it has a Valid Digital Certificate?
Let’s say you downloaded the popular Firefox browser installer and we want to verify or check if the installer didn’t alter by the bad guys. Right-click the installer and go to properties.
The Publisher Information
In the “Digital Signatures” Tab you can see three(3) useful information.
- Name of the Signer Company – Mozilla Corporation (Publisher)
- Digest algorithm – Sha1 hashing algorithm used
- Timestamp – The signing Date and Time for the installer
Digital Signature Details
If you go further more by clicking the “Details” button you can see more information for the Counter Signature or Digital Signature provider at the bottom.
In this area, you can both check or view the publisher certificate and counter signer certificate under the details.
- Counter Signer – DigiCert the confirmation or approval of the installer authenticity.
- Email Address – The email address of the Digital Signature Providers (If there’s any)
- Timestamp – The signing confirmation Date and Time for the installer.
The Certificate Information
You can check the certificate issued to Mozilla and the issuer of the certificate and how long it is valid.
- Issued to – The company where it issued to (Publisher).
- Issued by – The counter signer and what it algorithm is used.
- Certificate Validity – For how long is the certificate is valid for this installer.
That’s it! It is pretty simple but still, a lot of people are lazy to do it 🙂 Please do not it let be you to become the next victim by malicious software.
Thank you, Harry. This is a great post. Now I know how can check the software’s trustworthiness.