Before understanding what “Code Signing” is, let’s try to understand two terms prevalent in computer security – Authenticity and Integrity.
Authenticity – is talked about in all walks of life. We usually ask, if the product that I am buying is authentic or from authentic source. Does the labeling confirm what it claims to be? So, authenticity is one form of validation of identification. For a Code authenticity is nothing but validating authors identity.
Integrity – in humans is taken as quality of being honest. An honest human is trustworthy. Similarly, data/software integrity refers to trustworthiness. It means that the code has not been tempered or altered over the period.
Now that we understand what Authenticity and Integrity is – “Code Signing” is a method which helps validate both authenticity and Integrity!
A signed code is authentic as it validates authors identity and ensures that the code has not been altered with a malicious code that can cause damage to the applications.
In SQL Server, you can Code Sign, procedures, functions, triggers and assemblies. This can be achieved using Digital Certificates or Asymmetric Keys.