Signing certificates are used to validate a signature on code or a document. As we look ahead to the future of signing certificates, we need to consider the size of the private key for signature and encryption. The signature may have to be valid for a long period of time. Time has consequences. As we move later in time, the older crypto will get weaker. As such, a currently secure signature could get compromised in the future.
The National Institute of Standards and Technology (NIST) has considered these issues and has published NIST SP 800-57 – a.k.a. the Recommendation for Key Management. The recommendations are based on security strength. 2048-bit RSA keys are commonly used today and have a security strength of 112, which is not recommended to be used past 2030.
Microsoft has adopted this recommendation in its policies. For code signing, the company has limited the use of 2048-bit RSA root certificates to no later than 2030. In addition, new root key size requirements for code signing and time-stamping must be 4096-bit RSA.
The CA/Browser Forum has also adopted the NIST recommendation. Effective June 1, 2021, the Baseline Requirements for Code Signing Certificates state the minimum key size for code signing and time-stamping certificates is 3072-bit RSA.
Entrust will accommodate these policies, by deploying a 4096-bit RSA root and issuing CAs in the first half of 2021. Entrust code signing certificate keys will be limited to either 3072 or 4096-bit RSA. If the code signature is time-stamped, the Entrust time-stamp authority will use a 4096-bit RSA key.
Furthermore, Extended Validation (EV) code signing keys must be generated on – and non-EV code signing keys should be generated on – cryptographic hardware. To support this requirement, Entrust provides a cryptographic token to generate and manage private keys. New tokens will also be deployed for new certificates to support 4096-bit RSA keys.
If you are a current customer for code signing certificates, you need to consider migrating to a minimum 3072-bit RSA key pair. If your server or HSM does not support 3072-bit RSA, you can still use a 2048-bit RSA keyed code signing certificate as long as it is issued before June 1, 2021. Note that Entrust and other CAs will migrate earlier to ensure compliance. If you need to renew your certificate, it is recommended this be done before the end of April 2021. Since the code signing certificate validity period maximum is three years, you will get more time to migrate. Note that if you lose your key or need to reissue after migration, the key pair must be a minimum of 3072-bit RSA.
As the Baseline Requirements for signing certificates evolve to stand up to the latest security protocols for crypto, users need to prepare for migration to a stronger key pair to maintain compliance.