Case Study – Code Signing Implementation

Home » Case Studies » Case Study – Code Signing Implementation
27 Mar 2020

Case Study – Code Signing Implementation

/
Posted By

Encryption Consulting assisted a Financial institution to implement our personalized code signing solution. Before client was using manual processes for signing and unsecure storage of the private key, now has a fully customizable workflow and centralized code signing solution. Please see the table below for full details:

Code Signing Product with your Security in Mind
Challenge Solution Benefits
  • No centralized management for code signing certificates
  • No administrative control, everything must be done manually
  • No documented assurance method to protect private code-signing keys
  • Private keys placed in signing servers or users’ endpoint devices and not in secure storage
  • No capability to enforce security policies consistently.
  • Very basic support for file types (mostly MS), cannot sign RPM or Mac
  • Deployed CodeSign Secure with Thales HSM for storage and management of private keys of code signing certificates
  • Supported extensive file types:–
    • Windows files like .exe, .dll, .msi, .cab, .ocx
    • RPM on Linux
    • Jar files
    • Mac OS software
    • Android and iOS apps
    • Docker images
  • Provided trusted code signing certificates list to Anti Malware team for policy enforcement
  • Developed approval workflows and audit process around the usage of keys for different function units
  • Developed metric reports
  • Centralized code signing solution for management of code signing certificates
  • Robust access control system integrated with LDAP
  • Customizable workflows to mitigate risks associated with granting wrong access to unauthorized users
  • Audit process for usage of code signing certificates

Subscribe to

weekly blogs.

Join our professional community and learn how to protect your organization from external threats!

Our weekly blogs tackle topics from common code signing mistakes, to building your own PKI.

Download this BLOG as PDF

About Post Author

President at Encryption Consulting LLC focusing on providing consulting to customers in the Applied Cryptography space.

You may also like these blogs

Related Posts

Code Signing Architecture
Code Signing Solution
Code Signing: Top 5 Best Practices

Want to learn from PKI Experts

We train some of the biggest names in the industry through virtual & Live Classes

Get Traning Details

Get a Free Quote for your PKI services

Request Quote

Free Downloads for PKI services

Download our datasheet on PKI services

×

Want to gain more skills in handling data security issues? Sign up for one of our upcoming training sessions today

Sign Up