5

I have been trying to understand why code signing is treated or discussed differently from digital signature.

Digital signature is signing a hashed BLOB with a private key. When the BLOB is code/software, it is code signing.

So, isn't code signing just digital signature in the true sense? Why is it carved out based on the BLOB?

Patriot
  • 3,132
  • 3
  • 18
  • 65
Paras Shah
  • 51
  • 1
  • Hashing is generally thought of as part of the signature generation. Similarly, a BLOB is a binary large object. Signing is over a binary encoded message. This seems like nit-picking maybe, but sometimes using the right definitions / terms makes just the difference. – Maarten Bodewes Jul 16 '19 at 23:37
  • We're missing context. Who treats code signing as something other than digital signatures on code/binaries? what do you mean by "carved out based on the blob" ? – Z.T. Jul 17 '19 at 01:18

2 Answers2

7

Indeed, code signing is a special case of digital signature, and there is no imperious reason to distinguish the two from the standpoint of defining a cryptographic signature primitive.

There are however reasons to special-case code signature from an IT security perspective, by a having a "code signing" attribute in a digital certificate. It is a useful distinction for a certificate wether it's a code-signing or data-signing certificate; that is, if the signature of a piece of data checking against the public key introduced by the certificate should be considered, or not, as and indication that said piece of data is safe to run as executable code. In a Unix file system context, the distinction might correspond to a rule: allow setting the Execute flag or not on the piece of data received.

A similar useful distinction for a certificate is wether it's a certification authority certificate or not; that is, if the signature of a piece of data checking against the public key introduced by the certificate should be considered, or not, as an indication that said piece of data is a certificate. The distinction might correspond to a rule: entering that piece of data, or not, in the list of certificates that can validate a digital signature.

In both cases, the distinction is made with an attribute in the digital certificate, typically with different rules for certificate issuance according to this attribute.

There are efficiency considerations to account for when selecting a signature algorithm according to context, and that has some degree of relevance when choosing such algorithm for code signature:

  • Simplicity of the signature verification: especially for early boot code, it might be essential that the signature verification code is short and fully auditable (e.g. because it stands in a special, prohibitively-expensive-to-change memory, and much of the rest of the security sandcastle chain depends on that). That's a reason to use RSA, or Rabin signature. That also applies to digital certificate signature.
  • Speed of the signature verification: especially for low-power embedded systems, it might be essential that code signature verification is fast. That's another reason to use RSA, or Rabin signature. That also applies to digital certificate signature.
  • Speed of signature generation. That's seldom a consideration for code, which is typically orders of magnitude harder to write or compile than it is to sign.
  • Size overhead. That's seldom a consideration for code, which nowadays is typically much larger than a signature.
fgrieu
  • 140,762
  • 12
  • 307
  • 587
4

Code signing is indeed an application of signature generation. It is only different from signing a document on how the signature is used. For documents, non-repudiation is mainly important. For code signing you mainly want to make sure that no unauthorized party has created or at least signed the code.

As the key is used for different purposes and possibly by different actors or roles it makes sense to use a different key pair for code signing than for signing documents, hence there are (often) different key usages associated with the key pairs (e.g. in X.509 certificates). The IT person of Microsoft is probably not the one that also signs contracts, after all.

So apart from techniques that may be slightly different for one use case to the other, the distinction makes most sense for key management purposes.

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313
  • Understood. But the key-usage "digital sign" should have sufficed for document as well as code signing. My point is Code Sign = Special case of Digital Sign, no? Then why separate it out. By the same argument, one day I might need "Text Sign", "Image Sign" but we cannot carve these out just because the data that signed is text or image or code or anything – Paras Shah Jul 17 '19 at 00:26
  • Well, you don't have to separate code signing and other purposes. It is just best practice to do key management that way. But if you have a valid reason to use a key pair for multiple purposes, nothing prevents you from doing so. Tried to integrate this comment into the answer. – Maarten Bodewes Jul 17 '19 at 12:28