Case Studies

Case Study – Code Signing

Encryption Consulting assisted a Financial institution to implement our personalized code signing solution. Before client was using manual processes for signing and unsecure storage of the private key, now has a fully customizable workflow and centralized code signing solution. Please see the table below for full details:

Challenge Solution Benefits
  • No centralized management for code signing certificates
  • No administrative control, everything must be done manually
  • No documented assurance method to protect private code-signing keys
  • Private keys placed in signing servers or users’ endpoint devices and not in secure storage
  • No capability to enforce security policies consistently.
  • Very basic support for file types (mostly MS), cannot sign RPM or Mac
  • Deployed CodeSign Secure with Thales HSM for storage and management of private keys of code signing certificates
  • Supported extensive file types:–
    • Windows files like .exe, .dll, .msi, .cab, .ocx
    • RPM on Linux
    • Jar files
    • Mac OS software
    • Android and iOS apps
    • Docker images
  • Provided trusted code signing certificates list to Anti Malware team for policy enforcement
  • Developed approval workflows and audit process around the usage of keys for different function units
  • Developed metric reports
  • Centralized code signing solution for management of code signing certificates
  • Robust access control system integrated with LDAP
  • Customizable workflows to mitigate risks associated with granting wrong access to unauthorized users
  • Audit process for usage of code signing certificates

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Encryption Services

About the Author

President at Encryption Consulting LLC focusing on providing consulting to customers in the Applied Cryptography space.

Let's talk