Using a digital signature to authenticate a file before opening.Synonyms: File Signature Authentication .
How it works
This technique is generic and there are numerous ways to compute and authenticate digital signatures. A digital certificate is generated from a private/public key pair issued by a certificate authority (CA). A hash of the file is encrypted using the private key. When the file is downloaded by another user, the user's system uses the public key to decrypt the hash and a new hash is created of the downloaded file. The hash decrypted by the public key is compared to the new hash and if there is a mismatch, further techniques, such as file deletion, file quarantine, or Executable Blacklisting may be invoked.
This technique may be invoked when deciding whether to execute a file.
Organizations which download or create high volumes of software make management complex, in particular engineering or scientific organizations.
The following references were used to develop the Executable Allowlisting knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Computing apparatus with automatic integrity reference generation and maintenance
Enhancing Network Security By Preventing User-Initiated Malware Execution
This paper describes application whitelisting. New software executable code is compared to a database of allowed software to determine if the new executable code should be loaded and executed. A database of cryptographic hashes is first created for all allowed software executables. Prior to loading any new executable code, a hash is computed and compared against the hash database. If the hash for the new code does not appear in the database, the executable is not loaded and executed.