See how our services helped a Healthcare and Life Science Company better implement encryption into their infrastructure.

See More

    Case Study – Code Signing Implementation

    27 Mar 2020

    Case Study – Code Signing

    Posted By

    Encryption Consulting assisted a Financial institution to implement our personalized code signing solution. Before client was using manual processes for signing and unsecure storage of the private key, now has a fully customizable workflow and centralized code signing solution. Please see the table below for full details:

    Code Signing Product with your Security in Mind
    Challenge Solution Benefits
    • No centralized management for code signing certificates
    • No administrative control, everything must be done manually
    • No documented assurance method to protect private code-signing keys
    • Private keys placed in signing servers or users’ endpoint devices and not in secure storage
    • No capability to enforce security policies consistently.
    • Very basic support for file types (mostly MS), cannot sign RPM or Mac
    • Deployed CodeSign Secure with Thales HSM for storage and management of private keys of code signing certificates
    • Supported extensive file types:–
      • Windows files like .exe, .dll, .msi, .cab, .ocx
      • RPM on Linux
      • Jar files
      • Mac OS software
      • Android and iOS apps
      • Docker images
    • Provided trusted code signing certificates list to Anti Malware team for policy enforcement
    • Developed approval workflows and audit process around the usage of keys for different function units
    • Developed metric reports
    • Centralized code signing solution for management of code signing certificates
    • Robust access control system integrated with LDAP
    • Customizable workflows to mitigate risks associated with granting wrong access to unauthorized users
    • Audit process for usage of code signing certificates

    Want to learn from PKI Experts

    We train some of the biggest names in the industry through virtual & Live Classes

    Get a Free Quote for your PKI services

    Free Downloads for PKI services