Case Study – Code Signing Implementation

27 Mar 2020

Encryption Consulting assisted a financial institution in implementing its customized code signing solution. Before the engagement, the client signed code through manual processes and stored the private keys insecurely; it now has a fully customizable workflow and a centralized code signing solution. The table below gives the full details:

Challenge
  • No centralized management of code signing certificates
  • No administrative control; everything had to be done manually
  • No documented assurance method to protect private code signing keys
  • Private keys placed on signing servers or users’ endpoint devices rather than in secure storage
  • No capability to enforce security policies consistently
  • Very basic support for file types (mostly Microsoft formats); RPM packages and Mac software could not be signed

Solution
  • Deployed MyCodeSigner with a Thales HSM for storage and management of the private keys of code signing certificates
  • Supported an extensive set of file types:
    • Windows files such as .exe, .dll, .msi, .cab and .ocx
    • RPM packages on Linux
    • Jar files
    • Mac OS software
    • Android and iOS apps
    • Docker images
  • Provided a list of trusted code signing certificates to the anti-malware team for policy enforcement
  • Developed approval workflows and an audit process around the usage of keys by different functional units
  • Developed metric reports

Benefits
  • Centralized code signing solution for management of code signing certificates
  • Robust access control system integrated with LDAP
  • Customizable workflows that mitigate the risk of granting signing access to unauthorized users
  • Audit process for the usage of code signing certificates