Case Studies

Case Study – Code Signing

Encryption Consulting assisted a Financial institution to implement our personalized code signing solution. Before client was using manual processes for signing and unsecure storage of the private key, now has a fully customizable workflow and centralized code signing solution. Please see the table below for full details:

Challenges Solution Benefits
  • No centralized management for code signing certificates
  • No administrative control, everything must be done manually
  • No documented assurance method to protect private code-signing keys
  • Private keys placed in signing servers or users’ endpoint devices and not in secure storage
  • No capability to enforce security policies consistently.
  • Very basic support for file types (mostly MS), cannot sign RPM or Mac
  • Deployed CodeSign Secure with Thales HSM for storage and management of private keys of code signing certificates
  • Supported extensive file types:–
    • Windows files like .exe, .dll, .msi, .cab, .ocx
    • RPM on Linux
    • Jar files
    • Mac OS software
    • Android and iOS apps
    • Docker images
  • Provided trusted code signing certificates list to Anti Malware team for policy enforcement
  • Developed approval workflows and audit process around the usage of keys for different function units
  • Developed metric reports
  • Centralized code signing solution for management of code signing certificates
  • Robust access control system integrated with LDAP
  • Customizable workflows to mitigate risks associated with granting wrong access to unauthorized users
  • Audit process for usage of code signing certificates

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Encryption Services

About the Author

Anish Bhattacharya is a Consultant at Encryption Consulting, working with PKIs, HSMs, creating Google Cloud applications, and working as a consultant with high-profile clients.

Let's talk