The CA/Browser Forum has approved Ballot CSC-13, which aims to increase the protection of code signing certificate private keys.
The Code Signing Baseline Requirements (CSBRs) address the issuance of extended validation (EV) and non-EV code signing certificates. Previously, the CSBRs had different private key protection requirements for EV and non-EV code signing certificates. For instance, the non-EV key pair could be generated in software, which would easily allow the private key to be distributed and thereby increase the potential risk of it being compromised.
Effective November 15, 2022, the code signing certificate key pair must be generated and stored in a hardware crypto module that meets or exceeds the requirements of FIPS 140-2 Level 2 or Common Criteria EAL4+. This means the key pair will be generated in a device, where the private key cannot be exported. This will help to minimize the chance of the private key being compromised.
There is flexibility regarding where the code signing certificate subscriber may use a hardware crypto module, which is operated by:
- The subscriber, such as a secure token or a server hardware security module (HSM)
- A cloud service, such as AWS or Azure
- A signing service that can be provided by the certification authority (CA) or another trusted service provider
In addition, the CA must verify or ensure the private key was generated in a hardware crypto module using one of the following methods:
- CA ships a hardware crypto module with pre-generated key pair(s)
- Subscriber certificate request is counter-signed by the hardware crypto module providing remote key attestation
- Subscriber uses a CA enforced prescribed crypto library and a suitable hardware crypto module combination
- Subscriber provides an internal or external IT audit indicating that it is only using a suitable hardware crypto module to generate the key pair(s)
- Subscriber provides a suitable report from the cloud-based key protection solution subscription and resources configuration protecting the private key in hardware crypto module
- CA relies on a report signed by an auditor who witnesses the key pair generation in a subscriber-hosted or cloud-based hardware crypto module
- Subscriber provides an agreement that they use a signing service meeting the CSBRs
The goal is to reduce code signing certificate private key compromise, which mitigates risk to relying parties of installing signed malware in their systems.
In the long term we hope that all hardware crypto module vendors add support for remote key attestation as this provides a user-friendly method with a cryptographic assurance that a private key was generated using a suitable hardware crypto module.