Digital Certificates in Cradle System Engineering Tool

Starting with the Cradle-7.2 release, we have included digital certificates in the executables in the Cradle system engineering tool distribution for Windows, including the Cradle installer itself.

Digital Certificates

Like a passport or a driver’s licence, digital certificates are issued by a Certificate Authority (CA) to provide proof of identity, in this case for verifying the identity of online entities. However, instead of containing a photograph and the signature of the certificate’s owner, a digital certificate binds the owner’s public key to the owner’s private key.

3SL (our full company name is Structured Software Systems Limited) has obtained a digital certificate from the CA Symantec that we can use to identify any file as being something that we have produced.

Cradle Systems Engineering Tool

3SL’s system engineering tool Cradle contains many executables and other files. These files are supplied as a single distribution file, such as:

Cradle72_Setup.exe

It is helpful to us, and to anyone who receives the Cradle software distribution or who looks at any executable that is claimed to be part of the Cradle system engineering tool, to know that:

  • The distribution
  • The files inside the distribution

have come from 3SL and have not been changed in any way after they were created by 3SL.

So, starting with Cradle-7.2, 3SL has digitally signed:

  • The Cradle software distribution
  • The executables inside the distribution

with our digital certificate.

Benefits

Using a digital signature brings several benefits to anyone who installs or uses Cradle.

Anti-Virus Products

Occasionally, some AV products have incorrectly claimed that a file in Cradle contains a virus. These incorrect reports are called false positives.

Now that Cradle executables are digitally signed, we expect that your AV product will report fewer false positives.

Installation

Since the Cradle installer is digitally signed, Windows will display the friendly blue User Account Control (UAC) dialog at the start of the Cradle installation:

cradle system engineering tool digital signatures
Windows Detects 3SL in Cradle System Engineering Tool Installer

instead of the warning yellow UAC dialog.

Executable File Properties

You can verify the digital signature in the Cradle installation files:

Cradle system engineering tool digital certificates
View Digital Certificates in Cradle Executables

If the file does not contain a digital certificate, then you know that the file has been tampered with since 3SL created it, or it was not created by 3SL at all.

Information Assurance

The use of digital certificates is part of 3SL’s commitment to ensuring that Cradle contributes to the information assurance practices in your organisation. You can find more details about other information assurance aspects of Cradle in our white paper here.

Summary

We hope that 3SL’s use of digital certificates in the distribution of, and executable files within, the Cradle system engineering tool will be helpful when you next install Cradle and when your AV products next scan a Cradle installation!