advcom
asked on
Have questions about digital file signing and verification
I have been trying to find some answers to some very simple questions, but I am having no luck. I am writing a program to help us identify potential viruses easily. I think I know the answer, but really need to verify that I am correct.
Here are the questions.
#1. I would assume that a virus writer could digitally sign their own file, but could they digitally sign it as Microsoft or some other legitimate company?
#2. Does a digitally signed file just guarantee that the file has not been altered or does it also guarantee that is is from the company it says its from?
#3. To summarize my questions, If a file passes verification using a tool like signtool.exe, does that guarantee it is not a virus or does that just mean that the file is unchanged and is from the company it says it's from?
Any other useful info or explanations would be greatly appreciated.
Here are the questions.
#1. I would assume that a virus writer could digitally sign their own file, but could they digitally sign it as Microsoft or some other legitimate company?
#2. Does a digitally signed file just guarantee that the file has not been altered or does it also guarantee that is is from the company it says its from?
#3. To summarize my questions, If a file passes verification using a tool like signtool.exe, does that guarantee it is not a virus or does that just mean that the file is unchanged and is from the company it says it's from?
Any other useful info or explanations would be greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you everyone for your input, very helpful.
ASKER
Open in new window