Encryption Consulting has analysed the Global Encryption Trends 2022 Read the detailed report
×

See how our services helped a Healthcare and Life Science Company better implement encryption into their infrastructure.

See More

    Case Study – Code Signing Implementation

    Encryption Consulting > Case Studies > Case Study – Code Signing
    27 Mar 2020

    Case Study – Code Signing

    /
    Posted By

    Encryption Consulting assisted a Financial institution to implement our personalized code signing solution. Before client was using manual processes for signing and unsecure storage of the private key, now has a fully customizable workflow and centralized code signing solution. Please see the table below for full details:

    Code Signing Product with your Security in Mind
    Challenge Solution Benefits
    • No centralized management for code signing certificates
    • No administrative control, everything must be done manually
    • No documented assurance method to protect private code-signing keys
    • Private keys placed in signing servers or users’ endpoint devices and not in secure storage
    • No capability to enforce security policies consistently.
    • Very basic support for file types (mostly MS), cannot sign RPM or Mac
    • Deployed CodeSign Secure with Thales HSM for storage and management of private keys of code signing certificates
    • Supported extensive file types:–
      • Windows files like .exe, .dll, .msi, .cab, .ocx
      • RPM on Linux
      • Jar files
      • Mac OS software
      • Android and iOS apps
      • Docker images
    • Provided trusted code signing certificates list to Anti Malware team for policy enforcement
    • Developed approval workflows and audit process around the usage of keys for different function units
    • Developed metric reports
    • Centralized code signing solution for management of code signing certificates
    • Robust access control system integrated with LDAP
    • Customizable workflows to mitigate risks associated with granting wrong access to unauthorized users
    • Audit process for usage of code signing certificates

    Subscribe to

    weekly blogs.

    Join our professional community and learn how to protect your organization from external threats!

    Our weekly blogs tackle topics from common code signing mistakes, to building your own PKI.

    About Post Author

    President at Encryption Consulting LLC focusing on providing consulting to customers in the Applied Cryptography space.

    You may also like these blogs

    Related Posts

    Code Signing Architecture
    Code Signing Solution
    Code Signing: Top 5 Best Practices

    Want to learn from PKI Experts

    We train some of the biggest names in the industry through virtual & Live Classes

    Get Traning Details

    Get a Free Quote for your PKI services

    Request Quote

    Free Downloads for PKI services

    Download our datasheet on PKI services

    ×

    The private keys of the code-signing certificate can be stored in an HSM to eliminate the risks associated with stolen, corrupted, or misused keys.

    Client-side hashing ensures build performance and avoids unnecessary movement of files to provide a greater level of security

    The command line signing tool provides a faster method to sign requests in bulk

    Robust access control systems can be integrated with LDAP and customizable workflows to mitigate risks associated with granting wrong access to unauthorized users, allowing them to sign code with malicious certificates

    Support for customized workflows of an “M of N” quorum with multi-tier support of approvers

    Support for InfosSec policies to improve adoption of the solution and enable different business teams to have their own workflow for Code Signing

    Validation of code against UpToDate antivirus definitions for virus and malware before digitally signing it will mitigate risks associated with signing malicious code