All geek questions in one place

Bidirectional JavaScript Files

I came across some (created by Microsoft) JavaScript files that look like this:

... SOME JAVASCRIPT CODE... // SIG // Begin signature block // SIG // MIIaVgYJKoZIhvcNAQcCoIIaRzCCGkMCAQExCzAJBgUr ... // SIG // 2Ee3yfXCMiZKY8Yv2h0= // SIG // End signature block

My question is, what is the purpose of this digital signature? Yes, I know that it is signed with someone's public key and that it helps identify the author of the file, and yes, I know that it also ensures that no one has forged the file, but what do browsers do with it? How do they use it? What are the benefits of having it in your JavaScript file (besides the fact that your files look much larger :)?

+5
source share
3 answers

It looks like a signed script, as described here (WSH vbscript, but WSH can use jscript like Well). I believe this is pretty pointless in a browser context.

+2
source

The script looks like it was signed by Microsoft SignTool or something similar.

I can think of two goals. One, as mentioned above, is to use it with a Windows script host or some other mechanism that does not support a browser that verifies the signature before signing. Secondly, verify the authenticity of the javascript files by verifying the signatures during installation and / or periodically on the server side. This will allow administrators to verify that scripts are not susceptible and that, even after updates, they come from a trusted provider.

I think it might come in handy for intrusion detection systems.

0
source

Per @Kooilnc link

Digital signatures (introduced with WSH 5.6) provide you with the ability to verify who the author of the script is, as well as a way to ensure that the script has not been modified since it was written and signed. This does not necessarily mean that the script is "safe"; after all, virus writers can also receive digital signatures. However, digital signatures provide two protection measures:

Essentially, it looks like an MD5 hash of a boot; he lets you know that this is from the source to which you think he is, and that he has not been changed since he provided it.

0
source

Source: https://habr.com/ru/post/1210106/

More articles:


All Articles