Starting with the Cradle-7.2 release, we have included digital certificates in the executables in the Cradle system engineering tool distribution for Windows, including the Cradle installer itself.
Like a passport or a driver’s licence, digital certificates are issued by a Certificate Authority (CA) to provide proof of identity, in this case for verifying the identity of online entities. However, instead of containing a photograph and the signature of the certificate’s owner, a digital certificate binds the owner’s public key to the owner’s private key.
3SL (our full company name is Structured Software Systems Limited) has obtained a digital certificate from the CA Symantec that we can use to identify any file as being something that we have produced.
Cradle Systems Engineering Tool
3SL’s system engineering tool Cradle contains many executables and other files. These files are supplied as a single distribution file, such as:
It is helpful to us, and to anyone who receives the Cradle software distribution or who looks at any executable that is claimed to be part of the Cradle system engineering tool, to know that:
- The distribution
- The files inside the distribution
have come from 3SL and have not been changed in any way after they were created by 3SL.
So, starting with Cradle-7.2, 3SL has digitally signed:
- The Cradle software distribution
- The executables inside the distribution
with our digital certificate.
Using a digital signature brings several benefits to anyone who installs or uses Cradle.
Occasionally, some AV products have incorrectly claimed that a file in Cradle contains a virus. These incorrect reports are called false positives.
Now that Cradle executables are digitally signed, we expect that your AV product will report fewer false positives.
Since the Cradle installer is digitally signed, Windows will display the friendly blue User Account Control (UAC) dialog at the start of the Cradle installation:
instead of the warning yellow UAC dialog.
Executable File Properties
You can verify the digital signature in the Cradle installation files:
If the file does not contain a digital certificate, then you know that the file has been tampered with since 3SL created it, or it was not created by 3SL at all.
The use of digital certificates is part of 3SL’s commitment to ensuring that Cradle contributes to the information assurance practices in your organisation. You can find more details about other information assurance aspects of Cradle in our white paper here.
We hope that 3SL’s use of digital certificates in the distribution of, and executable files within, the Cradle system engineering tool will be helpful when you next install Cradle and when your AV products next scan a Cradle installation!