Skip to content
Posted in

Code Signing

A Quantum Leap in Code Signing: What’s New in CodeSign Secure v3.02 

Posted bySurbhi Singh 04 Minutes
Whats new with CodeSign Secure

In the world of software development and supply chain security, the conversation around post-quantum cryptography (PQC) has evolved from distant theory to pressing reality. At Encryption Consulting, we’re not just watching that shift, we’re driving it. 

With the release of CodeSign Secure v3.02, we’re equipping organizations with the tools they need to sign code securely today, while preparing for a quantum-resilient tomorrow. Whether you’re navigating compliance, building modern DevSecOps pipelines, or getting ahead of quantum risk, this release offers powerful upgrades in tool compatibility, PQC algorithm support, and HSM integration. 

Here’s what makes v3.02 a game-changer. 

Post-Quantum Signatures Are Now Built In 

Quantum computing isn’t science fiction anymore. Algorithms like RSA and ECDSA, cornerstones of digital trust won’t survive the quantum era. That’s why CodeSign Secure v3.02 now supports NIST-selected PQC algorithms, allowing organizations to start experimenting and building with the future in mind. 

LMS and MLDSA Signing

CodeSign Secure now enables signing using: 

  • Leighton-Micali Signature Scheme (LMS): A hash-based algorithm suitable for lightweight, high-security environments such as firmware or IoT. 
  • Multivariate Lattice Digital Signature Algorithm (MLDSA): A lattice-based, quantum-safe algorithm designed for high-assurance applications. 

These signature schemes aren’t just for testing, they’re ready for production scenarios that demand forward-looking protection. With PQC capabilities now embedded, you can explore hybrid signing, meet emerging compliance mandates, and confidently future-proof your DevSecOps workflows. 

Signing That Speaks Your Language

Code signing happens everywhere, in build pipelines, Linux distributions, Java applications, and more. CodeSign Secure v3.02 makes it easier than ever to secure your entire software ecosystem with expanded tool support through our new PKCS#11 wrapper

GPG2 Integration via PKCS#11 

Developers working with GNU Privacy Guard (GPG2) can now sign artifacts using keys stored in secure HSMs. This is especially valuable in open-source, Linux, and DevSecOps workflows where GPG is widely adopted. 

Debian & RPM Package Signing 

Linux package maintainers can now securely sign: 

  • Debian (.deb) packages 
  • Red Hat (.rpm) packages 

That means your packages can be authenticated end-to-end, no matter which Linux flavor your users prefer, boosting trust and protecting your delivery pipeline. 

Support for jsign and jarsigner

For Java developers, CodeSign Secure v3.02 enables secure code signing through: 

  • jsign for Windows binaries (EXE, MSI)

No more moving keys or workarounds. Just streamlined, policy-driven signing with strong audit trails. 

Fortanix HSM Integration for Secure Key Management

Signing code is only secure when the keys are secure. That’s why this release includes native integration with Fortanix Data Security Manager (DSM), a trusted HSM platform designed for the cloud era. 

With Fortanix DSM, you get: 

  • FIPS 140-2 Level 3 key protection 
  • True zero trust architecture with fine-grained access control 
  • Flexible deployment across cloud, on-prem, and hybrid environments 

This integration makes CodeSign Secure an ideal choice for enterprises who want HSM-backed signing with the agility of cloud-native deployment. 

Here’s How the New Version Benefits You 

CodeSign Secure v3.02 isn’t just a technical upgrade, it’s a practical response to today’s security challenges. Here’s how these new capabilities translate into real-world value for your organization: 

  • Broader compatibility: Sign with confidence using GPG2, Debian, RPM, jsign, and jarsigner, no extra plugins or custom wrappers required. 
  • Quantum-ready protection: Built-in support for LMS and MLDSA helps you get a head start on post-quantum security and future compliance. 
  • Enhanced key security: With Fortanix HSM integration, you can protect private keys using trusted, FIPS-certified infrastructure. 
  • DevSecOps alignment: Seamlessly fits into your CI/CD pipelines, enabling automated, policy-enforced code signing at scale. 

Whether you’re tightening your software supply chain or preparing for a quantum-secure future, CodeSign Secure v3.02 is designed to help you do it securely, efficiently, and with full confidence. 

Enterprise Code-Signing Solution

Get One solution for all your software code-signing cryptographic needs with our code-signing solution.

Book a demo

Ready for What’s Next in Code Signing 

The latest updates to CodeSign Secure reflect our commitment to helping organizations transition from secure-by-default to secure-for-the-future. Whether you’re preparing for the quantum era, streamlining developer workflows, or modernizing your HSM strategy, version 3.02 has you covered. 

We’re making quantum-safe signing real, not just possible. So if you’re looking to bring PQC, HSM integration, and broader platform compatibility into your code signing process, now’s the time to get started. 

Explore the full release or reach out to see how CodeSign Secure v3.02 can level up your code signing program, today and tomorrow. 

Discover Our

Related Blogs

Using Code Signing in CI CD Pipelines

June 4, 2025

Using Code Signing in CI/CD Pipelines

Read More
CodeSign Secure

May 16, 2025

CodeSign Secure v3.02: Future of Code Signing with PQC

Read More
Code Signing Best Practices

May 7, 2025

How Code Signing Helps in the Software Development Cycle

Read More

Explore

More Topics