Read time: 5 minutes
Why You Should Follow Code Signing Best Practices
Code Signing in the Industry
Top Code Signing Best Practices
Below are some of the top code signing best practices that any organization can use to harden their existing security system.
- Utilization of Hardware Security Modules : One of the most important code signing best practices to follow is using a Hardware Security Module, or HSM, to protect your private keys used for code signing certificates. Though software-based storage methods exist and are a viable key storage method, HSMs are ultimately a much safer method of private key storage. HSMs use tamper-evident tools to ensure that no one without proper access to the HSM can utilize the keys held within. To access an HSM without the proper permissions, a threat actor would essentially need to steal the HSM from the server rack it is installed on and then physically access the HSM and steal the keys. The strength of the security behind an HSM is why they are recommended so highly for code signing best practices.
- Proper Access Control : Access to keys and HSMs in general must be carefully curated within an environment to ensure that unwanted users cannot use code signing for malicious intent. It must be assured that users within the environment only have access to the code signing processes and tools that they absolutely must have access to to complete their job. This method of access control is known as the Principle of Least Privilege. Least Privilege is commonly followed by most organizations, as it is a great method to control access to keys, files, and data in general within a secure environment.
- Use of a Secure Public Key Infrastructure : Another important part of a strong code signing environment is the use of a strong and trusted Public Key Infrastructure. A Public Key Infrastructure (PKI) uses Certificate Authorities (CAs) to distribute certificates, whether they be for code signing, authentication, or other purposes, to users and devices within an organization. A PKI used by an organization can be external, where a trusted secondary organization manages all the components of the PKI, or it can be internal and run by the organization itself. When using external PKI systems, the primary organization must ensure that it is using a trusted external organization to run it is a secure PKI. If using an internal PKI, organizations should ensure that it is properly setup, with every security detail properly in place. The average internal PKI utilizes a two-tier hierarchy, with an offline Root CA and an online Issuing CA. The Issuing CA is the one which will actually distribute certificates to users and devices within the organization.
- Proper Workflow Management : Another important part of code signing is ensuring that a proper workflow management is in place. Workflow management refers to the idea of having any code signing activity be logged and require approval from a secondary, trusted user. Logging of code signing activity is vital, as when a code signing breach occurs, the organization in question can audit the trail of the breach and ensure that the gap found in the environment is promptly fixed. Approvals are also important, as they ensure that if an insider threat were to attempt to send malware through a properly signed code update, a secondary user would look at the code to be signed and notice that it is not a proper update and stop the signing of that code.