KEYnote 28 English - Fall 2014 | Page 6

KNOW-HOW Protecting the Integrity of Software A common use case of software certificates is code signing: the developer of a software application signs the code with a private key. A certificate is produced by a trusted certification body and links the public key with the identity of the software developer. This allows the end user to verify which developer made the software he or she is using and whether it has been tampered with. This common mechanism was originally developed to protect end users from the all too frequent threat of viruses. It is not, however, enough to give the software developers themselves a means of avoiding piracy or tampering. This is where AxProtector and ExProtector enter the fray. Windows uses a built-in code signing mechanism (Authenticode) to notify users when they are using software from an unknown source, that is, software that is not signed, whose certificate cannot be traced back to a trusted root certificate, or whose signature is incorrect. However, the users are only giving a simple warning message, and they can even opt out of these messages. Little reason for the makers or users of pirated software to stop their wrongdoings. Windows - AxProtector AxProtector encrypts the entire executable file (.exe) and appends a fingerprint with a dedicated signature. The public key is also hidden within the applicati ۋ