Software publishers often use digital signatures to demonstrate the authenticity and integrity of their files. For example, a publisher may generate a digital signature for a file by (1) hashing the file and then (2) signing the resulting hash with a private key that is uniquely associated with the publisher (the matching public key, usually carried in a certificate, is distributed so that others can check the signature). The publisher may then embed this digital signature within the file itself or distribute it as a separate, detached signature file. In either case, a signature that verifies under the publisher's public key demonstrates both (1) that the holder of the publisher's private key (as opposed to some other potentially malicious entity) signed the file and (2) that the file has not been tampered with or otherwise modified since it was signed.
Security software typically trusts files that have been digitally signed by trusted entities. However, the device (such as a gateway, file server, or endpoint device) on which this security software runs may not always be able to verify that a file was signed by a trusted entity. For example, the device may not be in possession of the detached signature file that accompanies the file. Moreover, even if the signature is embedded within the file itself, the signature may have become corrupted, or the device may be unable to parse or verify it (for example, because it does not support the signature format or lacks the signer's public key or certificate chain).
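As an added worked example (not part of the original disclosure), the following Go program carries the steps above through on constructed input: it hashes a file with SHA-256, signs the digest with an ECDSA P-256 key standing in for the publisher's private key, stores the signature either detached or embedded in a hypothetical trailer format, and then shows what a verifier reports when the detached signature is missing, the embedded signature is corrupted, the file has been modified, or the signature was made with a different key. The trailer layout, the key type and the sample file content are assumptions for illustration, not a format the disclosure describes.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Outcome is what a verifier can report about a file. Only Verified justifies
// treating the file as authentic; the other values are the situations in which
// the device cannot establish who signed the file.
type Outcome int

const (
	Verified           Outcome = iota
	NoSignature                // no detached signature available and no embedded trailer
	MalformedSignature         // an embedded trailer is present but cannot be parsed
	Mismatch                   // tampered file, corrupted signature or wrong key
)

func (o Outcome) String() string {
	return [...]string{"Verified", "NoSignature", "MalformedSignature", "Mismatch"}[o]
}

// trailerMagic marks the hypothetical embedded format used here (an assumption):
// payload || signature || uint16 big-endian signature length || "SIG1".
var trailerMagic = []byte("SIG1")

// Sign hashes the content with SHA-256 and signs the digest with the
// publisher's private key, returning a detached DER-encoded ECDSA signature.
func Sign(priv *ecdsa.PrivateKey, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyDetached checks content against a separately stored signature.
// A nil signature models the missing detached signature file.
func VerifyDetached(pub *ecdsa.PublicKey, content, sig []byte) Outcome {
	if sig == nil {
		return NoSignature
	}
	digest := sha256.Sum256(content)
	if ecdsa.VerifyASN1(pub, digest[:], sig) {
		return Verified
	}
	return Mismatch
}

// Embed appends a signature trailer so the file carries its own signature.
func Embed(content, sig []byte) []byte {
	out := append(append([]byte{}, content...), sig...)
	var n [2]byte
	binary.BigEndian.PutUint16(n[:], uint16(len(sig)))
	return append(append(out, n[:]...), trailerMagic...)
}

// VerifyEmbedded parses the trailer, then verifies the payload it protects.
func VerifyEmbedded(pub *ecdsa.PublicKey, file []byte) Outcome {
	n := len(file)
	if n < 6 || !bytes.Equal(file[n-4:], trailerMagic) {
		return NoSignature
	}
	sigLen := int(binary.BigEndian.Uint16(file[n-6 : n-4]))
	if sigLen == 0 || sigLen > n-6 {
		return MalformedSignature // length field inconsistent with the file
	}
	payload, sig := file[:n-6-sigLen], file[n-6-sigLen:n-6]
	return VerifyDetached(pub, payload, sig)
}

// Demo signs a constructed file and reports the verifier's outcome for each
// case discussed above, keyed by a short scenario name.
func Demo() (map[string]Outcome, error) {
	publisher, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	impostor, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	content := []byte("MZ... constructed stand-in for an executable") // constructed sample
	sig, err := Sign(publisher, content)
	if err != nil {
		return nil, err
	}
	pub := &publisher.PublicKey
	tampered := append([]byte{}, content...)
	tampered[0] ^= 0x01 // one-bit change to the file body
	corruptedSig := append([]byte{}, sig...)
	corruptedSig[len(corruptedSig)/2] ^= 0xFF // damage the stored signature
	brokenTrailer := Embed(content, sig)
	brokenTrailer[len(brokenTrailer)-6], brokenTrailer[len(brokenTrailer)-5] = 0xFF, 0xFF
	return map[string]Outcome{
		"detached/valid":        VerifyDetached(pub, content, sig),
		"detached/missing":      VerifyDetached(pub, content, nil),
		"detached/tampered":     VerifyDetached(pub, tampered, sig),
		"detached/corruptedsig": VerifyDetached(pub, content, corruptedSig),
		"detached/wrongkey":     VerifyDetached(&impostor.PublicKey, content, sig),
		"embedded/valid":        VerifyEmbedded(pub, Embed(content, sig)),
		"embedded/unsigned":     VerifyEmbedded(pub, content),
		"embedded/malformed":    VerifyEmbedded(pub, brokenTrailer),
	}, nil
}

func main() {
	results, err := Demo()
	if err != nil {
		panic(err)
	}
	for name, outcome := range results {
		fmt.Printf("%-22s %v\n", name, outcome)
	}
}
```

Note that a verifier cannot distinguish a tampered file from a corrupted signature or a signature made under another key: all three simply fail to verify. Only the structural failures (no signature at all, or a trailer that cannot be parsed) are reported separately, and none of the non-Verified outcomes says anything about who produced the file.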
Unfortunately, if a device is unable to verify that a file has been digitally signed by a trusted entity, then the device may mistakenly distrust the file and/or mark it as suspicious or even malicious, potentially resulting in harmful disruptions to normal business operations. An unverifiable signature by itself establishes neither the file's origin nor its integrity, so any decision to trust such a file must rest on other evidence about it. Accordingly, the instant disclosure identifies and addresses a need for systems and methods for trusting digitally signed files in the absence of verifiable signature conditions.