Hi Friedrich,

There has been some discussion on the C10 ng about code signing
certificates and what they actually do. Years ago, I tried to change a
single byte in a signed exe and it would no longer run. This I remember
clearly.

Now, it seems, based on posts from Jeff Slarve and Thomas Glomb that you
can modify the exe after code signing and all that happens is that if
you open the certificate in the exe properties and go into "Details" it
shows that the signature is invalid. Here is what I posted just now:

According to:
https://www.comodo.com/e-commerce/co...8dd333779e281d

* Ensure integrity - Verifies that code has not been tampered with
since publication


According to:
https://www.godaddy.com/ssl/code-sig...rtificate.aspx

* *Validates* and secures your code

According to:
https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx

* Ensuring authenticity - Assures users that they know where the code came
from.
* Ensuring integrity - Verifies that the code hasn't been tampered with
since its publication.

According to:
https://en.wikipedia.org/wiki/Code_signing

Code signing is used on Windows and Mac OS X to authenticate software
on first run <https://en.wikipedia.org/wiki/First_run>, ensuring that the
software has not been maliciously tampered with by a third-party
distributor or download site.

It sounds to _me_ that this should PREVENT executables that are signed
from running if they have been tampered with. Am I not understanding
this correctly?

Seems to me that you should NOT be able to tamper with the exe and still
get it to run. If the verification is just to show that the certificate
is invalid IF the user digs it up, then it's not much of a protection
from malicious code added after it was signed.

If people can modify applications that have been signed and they run
just fine, then what exactly is the point of using certificates for
products? I understand the value for installers, but I'm getting
concerned about the rest.

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC