Public Key Infastructure (PKI): Evolving in a Mobile Age
Twenty years ago, PKI technology was introduced amidst a whirlwind of hype and expectation. But due to its cost and complex deployment, it was placed on the back burner for several years as companies waited for a solution that would make it cheaper and easier to implement. This allows organizations a simplified way to ensure [Read More...]
Google Rethinks Revocation
Google has decided in Chrome that they’re going to take a different approach to certificate revocation. Chrome developer Adam Langley describes the decision in detail in his blog, Imperial Violet. Unlike a number of CAs, we think this is a pretty good idea, even if incompletely executed so far. Revocation is a difficult task. It [Read More...]
Verifying Code Authenticity
When an end-user’s browser loads the code, it checks the authenticity of the software using the signer’s public key, signature and the hash of the file. If the signature is verified successfully, the browser accepts the code as valid. If the signature is not successfully verified, the browser will react by warning the user or [Read More...]
What is Code Signing?
From Wikipedia, “Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash.” In order to sign the code, the publisher needs to generate a private-public key pair and [Read More...]
Where are your digital certificates?
Over the years, Entrust has had many conversations with customers trying to improve or strengthen enterprise and customer security within the online channel. And one topic that repeatedly comes up is certificate discovery and management. Their specific challenges can be grouped into three distinct categories: Unexpected certificate expiry Concern about data breach or non-compliance Management [Read More...]