A critical security control, code signing helps businesses and end users know their software can be trusted. Code signing guarantees the code of a program or software download has not been corrupted or altered after it was digitally signed by the publisher. Many manufacturers depend on code signing to help protect against forgery and fraud.
Code signing has protected businesses and end users for ages, but the technology is only as good as the protection you provide for the most important component—the cryptographic keys. In recent years, there has been an increase in cybercrime and attempts to steal, forge, or expose vulnerabilities in the process, so it’s critical to ensure a full end-to-end secure solution.
A quick explanation
Mobile, desktop and embedded operating systems now almost universally support the protection of application binaries through the use of digital signatures. Code signing proves the authenticity of an application binary from the developer and provides a guarantee that the binary has not been compromised. Consequently, application signatures are used to:
- Verify the authenticity of applications
- Prevent tampering and man-in-the-middle attacks
- Protect against malware which modifies applications
- Establish developer trust and protect reputation
- Prevent counterfeit applications
Why it’s critical to protect your keys
Protecting digital signatures from compromise requires securing the cryptographic keys at the center of the digital signatures themselves. If the cryptographic keys associated with the digital signatures are in any way altered, the entire infrastructure will be compromised. The developers’ private keys used to sign their applications are the very heart of a code signing system. Today, most organizations store these critical assets in a software key vault, which is easy to compromise and tough to audit. For this reason, it is highly recommended that organizations use hardware security modules (HSMs) to protect the private keys used for secure electronic signatures.
By digitally signing software and firmware packages or electronic documents with an HSM as the root of trust, you can ensure the integrity of the signed data, and establish the publisher’s identity while protecting the private keys associated with your signing application.
A real-world example
A world-class manufacturer of audio equipment, renowned for the quality of their products, was looking for a PKI key vault solution, specifically for certificate signing. The introduction of PCI (Peripheral Component Interconnect) into consumer electronics drove the change to have encryption keys embedded into some of the company’s products, and led to an urgent need for certificate signing. The company needed a scalable, easy way to ensure their code had not been modified since it had been signed, and it needed to be compliant with specific digital signing requirements.
The customer was already familiar with Thales Luna HSMs, which they use for their high-performance secure manufacturing, but they chose Thales Data Protection on Demand (DPoD) Luna Cloud HSM services for this use case because they wanted to leverage the cloud for its ease of deployment and use and its low TCO. They gained peace of mind from knowing that only Thales Luna HSMs enable them to always remain in control of their critical code signing assets, with the flexibility to freely move those code signing keys between cloud and on-premises in a purpose-built hybrid solution, securely stored in NIST FIPS 140-2 Level 3 certified hardware. Having a cloud solution supported by real hardware ensured their code was always backed up and highly available, underpinning both their security and compliance mandates.
The service benefits of DPoD Luna Cloud HSMs include:
- Enhanced key protection for code signing keys for significantly improved security and reduced risk
- Auditability so you can prove the integrity of your applications
- No need to buy, host and update equipment, providing easy access to enhanced security
- Cloud, hybrid and on-premises support that is flexible and scalable for multiple use cases and environments
- Fully cloud agnostic, so you stay in control of your data and cryptographic keys
- No upfront investment, OPEX-based business model
- All-inclusive package that includes high availability and backup built into the offering
Controlling your code signing certificates and securing the private keys in an HSM gives your organization the power to digitally sign with high assurance and confidence. Thales has partnered with many code signing vendors including Device Authority, Keyfactor, Microsoft, and Venafi, to provide certificate and key lifecycle services both on-premises with our Thales Luna Network HSMs and in the cloud, with Thales Data Protection on Demand (DPoD). Try a free 30-day evaluation of DPoD.