Secure Digital Signatures with Garantir & Thales

HSM-Backed Digital Signatures for Code Signing, SSH, S/MIME, and more

Now more than ever, companies are making heavy use of public key cryptography to meet the growing demands of the tech industry. Unfortunately, the tools provided by the industry haven’t scaled well and companies have had to choose between security – storing the keys in an HSM - and performance – distributing the keys out to end users. It is common for enterprises to distribute SSH and S/MIME keys to the various computers in their network, leaving those keys exposed and tough to manage. Those same companies often require their developers and build teams to upload their code and binaries to a central server that has access to the corporate HSM for code signing, leading to a performance bottleneck for CI/CD servers. What companies need is a way to achieve the performance of local keys with the security and scalability of centralized key management backed by a hardware security modules (HSMs).

Garantir’s cryptographic services platform addresses these issues by allowing clients to hash the data client-side before sending the data over the network to be signed by the keys in the HSM. Using this approach, the data sent over the network is minimal which allows for sub-second signatures without exposing the sensitive private key material. Combining Garantir’s platform with the industry’s most trusted brand of HSM is a natural integration.