
Code signing is a security mechanism used to verify the authenticity and integrity of digital code. It involves adding a digital signature to code, which allows users to determine who created it and whether it has been tampered with. Code signing is commonly used to sign executable files, libraries, and scripts, but it can also be used to sign Excel Macro files.

What is Code Signing?

Code signing is a security practice that involves digitally signing software with a certificate to verify its authenticity and integrity. Code signing certificates are issued by trusted certificate authorities (CA) and allow end-users to verify that the software they are downloading or running has not been tampered with or modified since it was signed by the software publisher.

This helps to prevent malware and other malicious software from being distributed and installed on users’ systems. To establish trust in a digital signature and ensure the code has not been tampered with, popular code signing tools such as Microsoft Authenticode and Java Code Signing usually require a digital certificate issued by a trusted third-party certificate authority.

Signing Excel Files

Excel Macro files are used to automate tasks in Microsoft Excel. They can contain macros, which are small programs that automate repetitive tasks, such as formatting data or generating reports. Macro files can be created using the VBA (Visual Basic for Applications) programming language and can be saved with the .xlsm file extension.

By signing an Excel Macro file, you can ensure that users can trust the code in the file, and that it has not been tampered with. Using CodeSign Secure, we can make the signing and verifying process simple. Our process involves client-side hashing to increase server speed and using HSMs to store private keys, ensuring a low attack surface and speedy secure signing of files.

Step-by-step Signing Process

Here are the steps to sign an Excel Macro file. First, we must install the required tools.

Step 1

We must install Windows SDK, which provides libraries and tools for building Windows apps. This development kit will install a tool called signtool, which is included as a part of the Windows SDK. Click Download the Installer and run it once it is done downloading.

You can choose to install only the Windows SDK Signing Tools for Desktop Apps. 

Note: Remember the default path shown in the install path, as this will be helpful with running these commands from the command prompt. 


On the Windows Kits Privacy page, either option for allowing Microsoft to collect insights is okay. Click next. 


Accept the License agreement


Deselect every feature except for Windows SDK Signing Tools for Desktop Apps, then select install. We don’t need every feature for the signing process to work.


When prompted if you want to allow this app to make changes, select yes. 


Lastly, select Close. Next, we have to add a path to the system environment variables in order to run commands from the Command Prompt effectively.

Click the Windows search bar on the taskbar, type “Edit the system environment variables”, and select the Control Panel option of the same name.

Click environment variables

Before editing the variable list, use File Explorer to navigate to where the Windows SDK is installed and copy the path of the folder that contains the signtool application. The default path is C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64. Right-click the folder path and copy it. The signtool application appears at the bottom of the file list; this is the command you will run.

In the System Variables list, click new. Then type Path as the variable name, and copy and paste the aforementioned path. Then click OK on the environment variables window and system properties window. 

To test the installation, open the command prompt and type signtool. If the path is set correctly, the command is recognized and prints its output.

The default signtool installation location is, for example: C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64 

Step 2

Download and install the Subject Interface Package for Digitally Signing Microsoft Office Files

This link goes to Microsoft’s download page for an Interface Package. This download includes two Subject Interface Package (SIP) libraries that support the digital signing and signature verification of Visual Basic for Applications projects within most Office file formats that support VBA macros. These are required to make signtool recognize .xls and .xlsm files. After downloading the installer, follow the steps below.

After the .exe is downloaded, open it and choose an installation folder, or create a new folder.

It will say that the files were extracted successfully, and you’ll find your installation folder populated with some files. These are the libraries that are essential to enabling the signing of Excel Macros. We must run a pair of commands to install these .dll files into the registry.

Open an administrator command prompt and type the following. The path will be where you just installed the files:

regsvr32.exe <complete path to msosip.dll>

regsvr32.exe <complete path to msosipx.dll>        

For more information on how to register OLE controls, visit Microsoft’s website.

If successful, you will see a message: “DllRegisterServer in <complete file path> succeeded.”

Step 3

Then we must download the Microsoft Visual C++ Redistributable Installer. These libraries are required by many applications built by using Microsoft C and C++ tools. Since the tools we’re using require these libraries, it is necessary to install them. For more information, see Microsoft’s documentation.

Microsoft Visual C++ Redistributable Installer Download Link: download.microsoft.com/download/C/6/D/C6D0FD4E-9E53-4897-9B91-836EBA2AACD3/vcredist_x86.exe

Run the installer, accept the terms and conditions, and click install.


Step 4

Now we can use the command prompt to sign our files. Signing Windows Excel Macro files is possible using the signtool command. In the command below, /kc is the name of your certificate, /f is the path to the certificate.pem file, /fd and /td are the desired algorithms, /csp is the name of the crypto storage provider (in this case Encryption Consulting Key Storage Provider), and /tr is the address of the timestamp server. The path of the file to be signed, in quotation marks, follows /td SHA256.

For macro signing, you can use files with the .xls or .xlsm extension and run the signing command.

signtool sign /csp "Encryption Consulting Key Storage Provider" /kc evcodesigning /f C:\Users\Administrator\Desktop\ForTesting\evcodesigning.pem /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 "C:\Users\Administrator\Desktop\ForTesting\MacroTest.xlsm"

Step 5

After signing the file, you can verify the file and list information about it. To verify the signed file, simply use the verify command: 

signtool.exe verify /pa C:\Users\Administrator\Desktop\ForTesting\MacroTest.xlsm 
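
As a complement to signtool verify, the following added example (not part of the original article or of CodeSign Secure) triages .xlsm workbooks by checking whether they contain a VBA project and a VBA signature part at all. It assumes the standard Office Open XML part names xl/vbaProject.bin and xl/vbaProjectSignature*.bin, does not validate the signature cryptographically, and treats legacy .xls files as out of scope; the function names and sample workbooks are constructed for illustration.

```python
import io
import zipfile
from pathlib import Path

# Part names inside the .xlsm ZIP container, compared in lower case.
VBA_PART = "xl/vbaproject.bin"
SIGNATURE_PARTS = (
    "xl/vbaprojectsignature.bin",       # legacy signature
    "xl/vbaprojectsignatureagile.bin",  # agile signature
    "xl/vbaprojectsignaturev3.bin",     # V3 signature
)


def macro_signature_status(workbook):
    """Classify a workbook given as a path or a binary file object.

    Returns one of:
      'not-ooxml'         - not a ZIP container (for example a legacy .xls)
      'no-macros'         - no VBA project inside
      'unsigned'          - VBA project present, no signature part
      'signature-present' - VBA project and at least one signature part
    A 'signature-present' result still has to be validated, for example
    with the signtool verify command shown above.
    """
    try:
        with zipfile.ZipFile(workbook) as zf:
            sizes = {i.filename.lower(): i.file_size for i in zf.infolist()}
    except zipfile.BadZipFile:
        return "not-ooxml"
    if VBA_PART not in sizes:
        return "no-macros"
    if any(sizes.get(part, 0) > 0 for part in SIGNATURE_PARTS):
        return "signature-present"
    return "unsigned"


def audit_folder(folder):
    """Map every .xlsm file name in a folder to its status."""
    return {
        path.name: macro_signature_status(path)
        for path in sorted(Path(folder).glob("*.xlsm"))
    }


def constructed_workbook(parts):
    """Build an in-memory ZIP with the given parts (constructed test data)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    samples = {
        "signed": constructed_workbook({
            "xl/workbook.xml": b"<workbook/>",
            "xl/vbaProject.bin": b"\x00",
            "xl/vbaProjectSignature.bin": b"\x01",
        }),
        "unsigned": constructed_workbook({
            "xl/workbook.xml": b"<workbook/>",
            "xl/vbaProject.bin": b"\x00",
        }),
        "no macros": constructed_workbook({"xl/workbook.xml": b"<workbook/>"}),
    }
    for label, workbook in samples.items():
        print(label, "->", macro_signature_status(workbook))
```
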


Conclusion

Once the Excel Macro file is signed, users who open the file will see a warning message that the file contains macros, but they will also see the digital signature and can verify that it is valid. If the digital signature is not valid, users will be warned that the file may contain malicious code and may be unsafe to open.

To summarize, incorporating code signing into software security is crucial to safeguard it against malware attacks and tampering. Encryption Consulting’s Code Sign Secure offers various advantages, including seamless integration with development workflows, robust authentication and encryption, and customizable pricing options. To learn more about how you could use Code Sign Secure visit: www.encryptionconsulting.com/code-signing-solution/ or contact us at: info@encryptionconsulting.com


About the Author

Caedon is a Consultant at Encryption Consulting, working with PKIs, and HSMs, and working as a consultant with high-profile clients.

Today we’re going to be looking at Practical Key Management as it applies to the banking industry. Transactions taking place online obviously have a great need for efficient protection, and there are many ways to approach this need. We’ll be going over different encryption methods, a practical use case of banking encryption, and an analysis of what types of encryption are most useful in this subject.

Some major challenges of symmetric cryptography 

A major problem is that the more users you have that require access to the secret key, the more difficult key management becomes. Some ancillary processes may be required for multiple clients to be able to access the same keys.

Symmetric keys also don’t have metadata inherently attached to themselves, so they are vulnerable to expiration. Therefore, a Key Life Cycle Management System can be implemented to automatically rotate expired keys out of the cycle. Furthermore, if one symmetric key is compromised, it makes all users vulnerable – therefore symmetric keys require protection.

The Hardware Security Module (HSM) is a highly advanced and secure storage device specifically for keys. At the end of the key lifecycle, the key must be retired, and a new key must replace it.

Symmetric versus asymmetric cryptography

Symmetric algorithms are very old in concept and revolve around the idea of the same key being used to encrypt and decrypt the information, which can prove useful for speed. However, it is more vulnerable than a newer type of encryption that uses a public and private key for encryption and decryption respectively. This type of encryption, called Asymmetric Encryption, has proved its superiority in security and is widely implemented to this day.

So why use symmetric encryption at all if asymmetric encryption is more secure? It would be like driving a tank to work instead of a car: sometimes the extra protection can slow you down too much. For differing use cases, such as banking, symmetric algorithms can provide an advantage in making sure the encryption process is done as fast as possible.

How much slower would the world move if internet transactions were several times slower than they are now? How much more expensive would it be to maintain these systems with slower, more complicated algorithms? Hence the need for symmetric encryption.

Asymmetric encryption shines with its uses in digital signing or blockchains, for instance, where absolute data security is paramount. With digital signing, the use of both a public and private key means the identity of the signer of the data can easily be known.

The signer uses their private key for encryption, while the recipient verifies the signer’s identity with the signer’s public key. As only the public key of the signer can decrypt data encrypted with the signer’s private key, the identity of the signer is verified when the data is decrypted.

Asymmetric encryption algorithms are widely used for protecting online communications nowadays where complex key handling challenges are present. Public Key Infrastructure (PKI) is a major framework that is based on asymmetric encryption. Using HSMs and Key Lifecycle Management, tedious tasks are automated to make it easier to facilitate high availability operations and encryption standard compliance.

How does the symmetric scheme work

Symmetric encryption security devices are highly advanced and secure, but not always the easiest to use. Here’s an example of how a device would work. If two devices need to make a connection, there are three different key types involved:

  • Master Key – highly protected, long-term key used to decrypt other keys
  • Key Encryption Key (KEK) – used to encrypt keys, also highly protected
  • Session Key – randomly generated number that ensures an uncompromised connection between the two devices

The Master Key and KEKs must be updated from time to time. Most devices have on-board programming that checks key integrity automatically, so this process is made easier. KEKs should always be installed manually by a key custodian or automatically through a preconfigured Key Management System process.

The decryption process is as follows:

  1. The devices make a session key using an RNG (random number generator)
  2. A small amount of data is encrypted with the session key
  3. The session key is encrypted with the KEK
  4. The encrypted data is sent to the recipient device
  5. The session keys are destroyed
  6. After a certain amount of input data, steps 1-4 are followed again for the sake of key variety

However, there are many practical problems arising in this scenario:

  • How long can master keys be kept secret? How often do they require rotation?
  • KEKs also must be rotated periodically, what policies govern them?
  • Every communication link between the two subscribers must use a KEK. How do you ensure availability when many subscribers must be serviced?
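
The key hierarchy and the send procedure described above, as an added example that is not from the original article or from any device vendor. The Sender and Receiver classes, the rotate_after threshold and the pre-shared KEK are assumptions; because Python's standard library has no block cipher, an HMAC-SHA256 keystream with an authentication tag stands in for the device's hardware cipher, and the Master Key layer that protects the KEK at rest is left out.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, a stand-in for the device's real cipher."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def protect(key, plaintext):
    """Encrypt and authenticate: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unprotect(key, blob):
    """Check the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


class Sender:
    def __init__(self, kek, rotate_after):
        self._kek = kek                    # installed by a custodian or a KMS
        self._rotate_after = rotate_after  # bytes allowed under one session key
        self._session_key = None
        self._sent = 0

    def send(self, data):
        """Return (wrapped_session_key_or_None, ciphertext)."""
        wrapped = None
        if self._session_key is None or self._sent >= self._rotate_after:
            self._session_key = os.urandom(32)                # step 1: RNG
            wrapped = protect(self._kek, self._session_key)   # step 3: wrap under KEK
            self._sent = 0                                    # old key is dropped (step 5)
        ciphertext = protect(self._session_key, data)         # step 2
        self._sent += len(data)
        return wrapped, ciphertext                            # step 4: send both


class Receiver:
    def __init__(self, kek):
        self._kek = kek
        self._session_key = None

    def receive(self, wrapped, ciphertext):
        if wrapped is not None:  # a new session key arrived, unwrap it with the KEK
            self._session_key = unprotect(self._kek, wrapped)
        return unprotect(self._session_key, ciphertext)


def run_link(messages, rotate_after):
    """Send messages over one link; return (received plaintexts, key rotations)."""
    kek = os.urandom(32)  # constructed KEK shared by both devices
    sender, receiver = Sender(kek, rotate_after), Receiver(kek)
    received, rotations = [], 0
    for message in messages:
        wrapped, ciphertext = sender.send(message)
        rotations += wrapped is not None
        received.append(receiver.receive(wrapped, ciphertext))
    return received, rotations


if __name__ == "__main__":
    constructed = [b"transfer 100 to account A", b"transfer 250 to account B"] * 2
    plaintexts, rotations = run_link(constructed, rotate_after=32)
    print(plaintexts == constructed, "session keys used:", rotations)
```
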

Conclusion

Key management can be a complicated process but is important to manage well for the sake of high availability and security, especially with customers and company assets being protected through these encryptions. Both Asymmetric and Symmetric encryption algorithms have their advantages and disadvantages, which makes either type effective depending on the use case. It is important to understand their differences when considering encryption for banking purposes. After breaking down the symmetric encryption process, it becomes an obvious choice for practical key management for banking use cases.

The efficient and secure delivery of keys and certificates, protected by their respective cryptographic standards, is what enables us to conduct our banking business. The integrity and speed of the information transfer process must be held to the highest priority. At Encryption Consulting, we provide guidance on this framework through education and evaluation to achieve even greater efficiency and security. Make sure to check out our blogs and education center for more resources on these topics.


Cryptographic Service Providers (CSPs) store, access and create cryptographic keys, the building blocks of PKI. In the case of certificates, the type of cryptographic service available depends on the provider: different types of keys and key lengths are available with different providers. Examples include RSA, Elliptical Key, or a host of others such as DES, 3DES, etc.

For hardware solutions such as Smart Cards and Hardware Security Modules (HSMs), third party software is sometimes needed for optimal performance. Newer Next Gen KSPs and more standard Microsoft CSPs are listed below for a comparison.

Since there are so many different providers, it’s best to divide into groups based on all around capabilities in every use case. The below tables show different cryptographic methods from modern to legacy. In reviewing this list, the primary things being evaluated are what types of keys can be used, their size, protections, and compatibility.

Modern Microsoft cryptography providers

Provider Name & Type: Microsoft Software Key Storage Provider (CNG)
Description: Standard Windows software-based RSA and ECC provider.
Purposes: Key Exchange, Digital Signature, Data Encryption
Crypto: RSA, ECC, SHA1, SHA2
Default Microsoft Templates: OCSP Response Signing (KSP Required, Provider not specific)

Provider Name & Type: Microsoft Smart Card Key Storage Provider (CNG)
Description: Supports smart card key creation and use
Purposes: Key Exchange, Digital Signature, Data Encryption
Crypto: RSA, ECC, SHA1, SHA2
Default Microsoft Templates: None

Legacy Microsoft cryptography providers

Provider Name & Type: Microsoft RSA SChannel Cryptographic Provider (CAPI)
Description: Supports hashing, data signing, and signature verification. The algorithm identifier CALG_SSL3_SHAMD5 is used for SSL 3.0 and TLS 1.0 client authentication. This CSP supports key derivation for the SSL2, PCT1, SSL3 and TLS1 protocols.
Purposes: Key Exchange
Crypto: RSA, SHA1
Default Microsoft Templates: CEP Encryption, Computer, Directory Email Replication, Domain Controller, Domain Controller Authentication, IPSec, IPSec (Offline), Kerberos Authentication, RAS and IAS Server, Router (Offline request), Web Server, Workstation Authentication

Provider Name & Type: Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider (CAPI)
Description: Supports Diffie-Hellman key exchange (a 40-bit DES derivative), SHA hashing, DSS data signing, and DSS signature verification. Derived from Base DSS and Diffie-Hellman Cryptographic Provider. Adds support for RC2/4, DES and 3DES encryption
Purposes: Digital Signature
Crypto: RSA, SHA1
Default Microsoft Templates: Authenticated Session, Basic EFS, CA Exchange, Code Signing, EFS Recovery Agent, Enrollment Agent, Enrollment Agent (Computer), Exchange Enrollment Agent (Offline request), Exchange Signature Only, Exchange User, Key Recovery Agent, Trust List Signing, User, User Signature Only

Provider Name & Type: Microsoft DSS and Diffie-Hellman/Schannel Cryptographic Provider (CAPI)
Description: Supports hashing, data signing with DSS, generating Diffie-Hellman (D-H) keys, exchanging D-H keys, and exporting a D-H key. This CSP supports key derivation for the SSL3 and TLS1 protocols.
Purposes: Key Exchange
Crypto: RSA, SHA1
Default Microsoft Templates: Web Server

Provider Name & Type: Microsoft Base Cryptographic Provider (CAPI)
Description: A broad set of basic cryptographic functionality that can be exported to other countries or regions. No 3DES support. RC2/4 limited to 40 bits.
Purposes: Digital Signatures, Data Encryption
Crypto: RSA, SHA1
Default Microsoft Templates: Administrator, Authenticated Session, Basic EFS, Code Signing, EFS Recovery Agent, Enrollment Agent, Enrollment Agent (Computer), Exchange Enrollment Agent (Offline request), Exchange Signature Only, Exchange User, Trust List Signing, User, User Signature Only

Provider Name & Type: Microsoft DSS Cryptographic Provider (CAPI)
Description: Provides hashing, data signing, and signature verification capability using the Secure Hash Algorithm (SHA) and Digital Signature Standard (DSS) algorithms.
Purposes: Digital Signatures
Crypto: RSA, SHA1
Default Microsoft Templates: Authenticated Session, Code Signing, Enrollment Agent, Enrollment Agent (Computer), Exchange Enrollment Agent (Offline request), Exchange Signature Only, Trust List Signing, User Signature Only

Deprecated Microsoft cryptography providers

Provider Name & Type: Microsoft Base Smart Card Crypto Provider (CAPI)
Description: Derived from Microsoft Strong Cryptographic Provider. Communicates with Smart Card Modules (minidriver).
Purposes: Digital Signatures, Data Encryption
Crypto: RSA, SHA1
Default Microsoft Templates: None

Provider Name & Type: Microsoft Strong Cryptographic Provider (CAPI)
Description: An extension of the Microsoft Base Cryptographic Provider available with Windows XP and later. Default RSA CSP. Supports all the same key lengths, but lacks configurable Salt length for RC encryption algorithms.
Purposes: Digital Signatures, Data Encryption
Crypto: RSA, SHA1
Default Microsoft Templates: None

Provider Name & Type: Microsoft Enhanced Cryptographic Provider (CAPI)
Description: Derived from Base Cryptographic Provider. The Enhanced Provider supports stronger security through longer keys and additional algorithms. Can only generate 128bit RC2/4 keys, can import smaller
Purposes: Digital Signatures, Data Encryption
Crypto: RSA, SHA1
Default Microsoft Templates: None

Provider Name & Type: Microsoft RSA and AES Cryptographic Provider (CAPI)
Description: Microsoft Enhanced Cryptographic Provider with support for AES encryption algorithms.
Purposes: Digital Signatures, Data Encryption
Crypto: RSA, SHA1
Default Microsoft Templates: None

Provider Name & Type: Microsoft Base DSS and Diffie-Hellman Cryptographic Provider (CAPI)
Description: A superset of the DSS Cryptographic Provider that also supports Diffie-Hellman key exchange, hashing, data signing, and signature verification using the Secure Hash Algorithm (SHA) and Digital Signature Standard (DSS) algorithms.
Purposes: Diffie Hellman (Key Exchange), Digital Signatures
Crypto: RSA, SHA1
Default Microsoft Templates: None

Conclusion

In conclusion, Microsoft has a wide range of available cryptographic services, suitable for any application. With these tools, Encryption Consulting has worked with Top 500 companies to secure and update PKI solutions to ensure reliability and availability for cryptographic services.


The current generation of TPMs (version 1.2) are chips that are usually surface mounted onto the motherboard of a PC or integrated into a custom PCB. The TPM process reports the state of the system, from the moment of power-on right through to the execution of applications on a modern graphical operating system.

Monitoring has limited uses but combined with access control for secrets based on state monitoring, it becomes easy to execute many security practices. For example, if a PC is booted into a state where only select apps are installed, the TPM could then grant access to data storage and encryption keys for secure email.

Additionally, the TPM can manage third-party connections, be it the owner of a device wanting to remotely manage it, or a device manufacturer giving it to an untrusted party. To support requirements for availability, and to guard against equipment failure, the TPM can manage the migration of data between trusted devices, and for use of third parties as privacy or migration brokers.

Upon creation of the data, it can be designated as either migratable or non-migratable, depending upon the protection model required.

In short, the TPM makes it easy for operating system designers to protect themselves from attackers who may have access to the physical computers in their environments (swapping out a hard drive for example).

A Cost-Effective Architecture

The TPM architecture and data format was designed to achieve the desired functionality. It can be difficult for companies to integrate the hardware for perhaps thousands of computers and other devices, but the TPM is a cheap encryption solution that can be easily implemented with a minor impact on a company’s budget.  

For example, using entirely asymmetric encryption would be a more cost-effective option, even though a symmetric encryption algorithm such as a block cipher would be better suited. Therefore, a TPM need only contain an RSA modular exponentiation accelerator and not an implementation of AES or 3DES.

Obviously, it can store any of these key types, but instead, any symmetric keys are sealed to a configuration and released for use in a trustworthy OS configuration. This means that TPM internal data storage formats are limited by the maximum size of data that can be encrypted using RSA operations of a certain key length. As a result, the efficiency of asymmetric encryption is taken advantage of while still maintaining compatibility with symmetric encryption.

But how does the TPM deal with false key injection, given that the public half of the storage key will be available to all? The ability to insert false keys may seem irrelevant (after all it cannot gain access to existing storage keys which govern protected content), but preventing it is crucial: otherwise, it would be possible to create a key that is designated as non-migratable (can never be removed from a specific TPM), and yet with a value known to the attacker. If a content provider were to issue content to be protected under this key, a breach would occur.

To solve this problem, every data structure in the TPM is signed with a “TPM Proof”, which in essence is a special secret hash that is matched with an existing root RSA Key in a special register.

So even though an attacker may access the public key, they cannot know the TPM Proof, which is needed to access data. Essentially, the asymmetric cryptosystem is converted into a symmetric one, with a composite key consisting of the private half of the root storage key and the TPM proof.

A TPM is usually programmed with high-functioning cryptographic hashing algorithms, most often using SHA-1. Using the Platform Config Registers (PCR) values, the algorithm further encrypts the key and, in a way, “extends” the values to improve security. This also prevents the modification of data, key identification, and improved command chaining. Hashing command parameters together with the help of the TPM Proof secret value can be very useful when considering command chaining in a TPM, as it creates a 160-bit capability string that attackers cannot forge. This can cause major performance improvements for Third Party Migration for example, where the authentication and authorization certificate is produced by a third party and processed by the TPM.

This introduces some performance decreases for the sake of authentication since in order to protect from the possibility of malicious attacks in this situation, a migration certificate must be verified before each key is transferred.

This problem is solved by the TPM Proof, which can run a single check using the capability string, making things much faster.
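
A simplified model of the two mechanisms described above, PCR extension and the TPM Proof, as an added example that is not code from the original article or from any TPM vendor. The ModelTPM class, its blob layout and the sample boot components are assumptions; the payload stays unencrypted here, where a real TPM would encrypt it under its RSA storage key.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.2 PCRs


def extend(pcr, component):
    """PCR extend: new value = SHA-1(old value || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components):
    """Fold an ordered boot chain into one PCR value, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


class ModelTPM:
    """Toy model: one PCR plus a secret TPM Proof that never leaves the chip."""

    def __init__(self):
        self._tpm_proof = os.urandom(PCR_SIZE)
        self.pcr = bytes(PCR_SIZE)

    def boot(self, components):
        self.pcr = measure_boot(components)

    def _tag(self, pcr_at_seal, payload):
        # 160-bit string over the blob fields, keyed with the TPM Proof.
        return hmac.new(self._tpm_proof, pcr_at_seal + payload, hashlib.sha1).digest()

    def seal(self, payload):
        """Bind payload to the current platform state."""
        return {"pcr": self.pcr, "payload": payload,
                "tag": self._tag(self.pcr, payload)}

    def unseal(self, blob):
        # Check 1: the blob was produced by this TPM (false key injection).
        expected = self._tag(blob["pcr"], blob["payload"])
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("blob was not created by this TPM")
        # Check 2: the platform booted into the state the blob was sealed to.
        if not hmac.compare_digest(blob["pcr"], self.pcr):
            raise PermissionError("platform state differs from sealed state")
        return blob["payload"]


def try_unseal(tpm, blob):
    """Return ('ok', payload) or ('denied', reason) instead of raising."""
    try:
        return "ok", tpm.unseal(blob)
    except PermissionError as error:
        return "denied", str(error)


if __name__ == "__main__":
    # Constructed boot chains for illustration.
    trusted = [b"bootloader v1", b"kernel v1", b"approved-apps-list"]
    modified = [b"bootloader v1", b"kernel v1 + rootkit", b"approved-apps-list"]

    tpm = ModelTPM()
    tpm.boot(trusted)
    blob = tpm.seal(b"disk-encryption-key")
    print("trusted boot :", try_unseal(tpm, blob))

    tpm.boot(modified)
    print("modified boot:", try_unseal(tpm, blob))

    forged = {"pcr": tpm.pcr, "payload": b"attacker-known-key", "tag": bytes(PCR_SIZE)}
    print("forged blob  :", try_unseal(tpm, forged))
```
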

The physical design of these chips is also a crucial factor for their security and cost-effectiveness. Since they were designed to be a cheap solution, even though the security of the system is well thought out, it does not protect against some attacks and protects against others.

One of the most significant weaknesses of the TPM platform is its physical vulnerability. Most TPMs used to be mountable and separable from motherboards, which raises a lot of questions about the security of a physically removable device; now they are usually mounted inseparably to the motherboard. Removing a soldered chip from a device might sound easy but it is up to the organization to put in place man traps, smart cards, and other security procedures to ensure only authorized persons have access to the physical machines. If a malicious person had access to the device, aside from removing it, not much else is possible; however, proposals have been made regarding other ways to trick TPMs.

These different ways include using a simulation of reset, using dual-ported memory, or modification of bus signals. Soon new chip technologies will be released further improving security in this regard. But since hardware attacks are few and far between, the major focus remains on the software and firmware security of these devices, so sacrificing physical security isn’t necessarily so bad of an idea. Operating system integrity dominates proposed threat models when TPMs are deployed. Hardware state monitoring plus improved operating system security working in tandem can help prevent rootkit and Trojan Horse attacks.

The one area where the TPM architecture has gone out on a limb in the trade-off between cost and functionality is the area of privacy. Any sophisticated architectural features exist purely to enable online services to use TPMs without forcing the compromise of a user’s privacy. This operates through a system of pseudonymous identities that can be managed locally and registered with trusted third parties (authorized not to reveal a user’s identity).

An implementation of a zero-knowledge proving protocol is designed to allow a TPM to attest to a particular configuration without revealing this identity to anyone. This protocol is highly advanced and does not allow for any identifying information to be leaked and is a testament to the designer’s unwillingness to allow any compromises of privacy. Even though the device is on the cheaper end of the market, it can handle private operations as securely as can be.

The only caveat to be considered is that the inclusion of advanced architectural features does not necessarily mean that applications and systems will take advantage of these features – ultimately it will depend on whether the final online service provider is economically motivated to protect the user’s privacy, and has the services needed to run these advanced features.

TPM Application Space

Many modern laptops have Trusted Platform Modules already integrated; however, the chip lies dormant by default and must be enabled (usually in the BIOS) before it can begin monitoring.

Since the average user will not need sophisticated security procedures, it is up to an organization or knowledgeable user to enable hardware monitoring. Once activated, software such as Microsoft BitLocker disk encryption software, released with professional and enterprise versions of Windows, can be configured to use the TPM for secure storage of top-level cryptographic keys.

Whilst BitLocker has become generally the mainstream form of desktop encryption, the more ambitious functionality of the TPM such as remote attestation can only really be leveraged in tandem with a specially designed operating system. New releases of Windows could introduce newer functionality, but with that comes untested vulnerabilities. Simply put – if the trusted code has bugs, then the remote attestation proves nothing.

In order to make sense of remote attestation, an OS more akin to SE Linux is required. If such an OS could be created and a usable work environment for desktop computing developed, there would be many security safeguards. The platform could restrict installation to only approved software, and using a predetermined list of allowed operations would help to eliminate many avenues a virus could take. This is a commonly envisaged use case of the TPM – for helping system administrators of IT systems in large corporations keep users’ workstations locked down from unauthorized tampering. Be it a virus, or a seemingly harmless program installed by a user, strict administration is required to prevent breaches.

A new growing use case for TPMs is monitoring and securing mobile phone-embedded computers as their platforms increase in complexity. Interestingly while the push to secure the low-level software in the platform is undoubtedly aided by the TPM, user programmability and interactivity are not suffering so badly, as such features are migrating to higher and higher software layers, for instance, JavaScript and interactive web services – all of which will be supported on a modern mobile.

The success of the TPM secure microcontroller has largely been due to an open cooperative effort between major IT hardware and software players including Microsoft, Intel, Infineon, IBM, and Sun Microsystems. Encryption Consulting offers training to better understand the hardware and software components of these processes.

For example, building a PKI with machines using integrated TPMs is essential to a robust infrastructure for any company. But it is not necessarily large companies who will benefit the most; it is the availability of this hardware-assisted security to smaller companies and even individuals which is essential for the IT industry.

Conclusion

So, there is a bright future ahead both on the desktop and for embedded and ubiquitous computing using TPM technology, which can sustain secure key storage and further web development.
