Generate and protect cryptographic keys required for code signing processes
About Code Signing
Code signing is a security mechanism that verifies the authenticity and integrity of files and program code using digital certificates. It involves digitally signing executables and scripts to:
- Confirm the software author
- Ensure the code remains unaltered since signing
- Prove software trustworthiness to users and devices
Generating and Protecting Cryptographic Keys Used for Code Signing
Code signing certificates rely on asymmetric cryptography, using a public and private key pair. The public key is included in the certificate sent to users, while the private key is used for signing the code.
A Hardware Security Module (HSM) securely generates and stores these cryptographic keys, ensuring the private key never leaves its protected environment. By keeping the key isolated, HSMs prevent unauthorized access and misuse, eliminating the risk of fraudulent code signing.
Solutions Offered by Utimaco
Utimaco’s General Purpose HSMs can be applied for code signing across various environments. All HSMs are FIPS 140-2 Level 3 certified, ensuring a secure environment for cryptographic keys.
Key benefits:
- FIPS 140-2 Level 3 or 4 certified, with options for eIDAS and classified environments.
- Entry-level to high-speed models, supporting up to 40,000 RSA 2K operations / s
- PQC-ready: u.trust General Purpose HSM Se-Series is designed crypto-agile and can be extended with PQC algorithms
