Verificar Firma Digital Firma Con airSlate SignNow

How verify signature

hi there welcome to the CBT Nuggets micro nugget this is the second in a short series we're doing called the malware hunter this episode is called verifying digital signatures my name is Tim Worner and I'm a cbt nuggets trainer why are digital signatures important in hunting malware well by way of background friends first we need to remember that digitally signing code and by code we're talking about executable code exe files as well as dynamic link library assemblies that contain code etc that by developers purchasing a code signing certificate from a reputable certification Authority and then signing their code they're giving us the consumer of their software authentication and integrity authentication means we have faith or actually it's more than faith it's trust that the person or entity that's given us some executable code or from whom we've purchased that code is who they say they are and integrity means that not a single bit of that executable code has been modified in between it being on their servers or wherever we downloaded it and our own systems that's key we don't want to be in the situation where we have legitimate software XYZ and instead of downloading it from the vendors site which is always the recommendation we download it from another site and little do we know that that codes been modified or transformed into ABC and when we install it the program installs just fine seems to work just fine little did we know that that modification installed some piece of malware on our system and who knows what is happening from there do you see what I mean so digitally signing code to me is a no-brainer that any software developer needs to do digital signatures in code signing are related they relate to public key cryptography here's what happens in a nutshell a developer creates a hash of their code module they run their module through a known hashing algorithm and then encrypts that hash with a private key this is a digital signature as it's called in public key crypto the private key is private to the owner of the account owner of the certificate on the other hand users who download your software receive a copy of the digital certificate the users public key the shared component that fits finger and glove with the corresponding private key and the downloader actually it's not the person but the operating system will use that public key to decrypt the hash and then compute the hash based on the code module and if the code has been tampered with even as little as a single bit difference then when we run the hash on the client side we're going to get a completely different number and that's going to fail the integrity check you see now then how can we translate that geek speek into something that a male where hunter can understand as you know we're focusing on the microsoft technet...