Skip to main content
purple hex pattern
man with white shirt looking down at laptop in server room

Hardware Security for Your Software

Companies that develop software and executables, for internal or external use, face constant threats of bad actors interfering with the software or altering code as part of an attack.

The best way to protect against these attacks is to digitally sign the software or code with signing keys so the code’s integrity can be validated, along with the publisher. But if the private signing keys aren’t securely managed within a tamper-resistant hardware security module, they can be stolen and used to spread altered and dangerous software.

Software developers can use nShield HSMs for code signing to:

  • Establish trust in their applications and updates
  • Help meet the requirements needed to publish to app stores
  • Validate an application's author and integrity
  • Provide the means to detect malicious alteration of legitimate code
  • Reduce risk of identity theft or reputational damage

Download our whitepaper to learn more about our how HSMs secure code signing.

Code Signing in Compliance

The CA/Browser Forum approved Ballot CSC-13 to increase the protection of code signing certificate private keys. Effective November 15, 2022, the code signing certificate key pair must be generated and stored in a hardware cryptographic module that meets or exceeds the requirements of FIPS 140-2 Level 2 or Common Criteria EAL4+.

nShield HSMs help meet the data security requirements set by international regulations and industry standards, including the Common Criteria for Information Technology Security Evaluation (Common Criteria), Payment Card Industry Data Security Standard (PCI-DSS), and the Federal Information Processing Standard 140-2 (FIPS 140-2).

Learn about our HSM compliance solutions.

woman behind glass looking at computer screen
group of business people talking in sunlit lobby area

Authentication and Automation from One Root of Trust

With an Entrust nShield HSM as a root of trust, you can deploy a PKI-based code signing solution to an Entrust Code Signing Gateway, to automate and manage your code signing processes.

The Code Signing Gateway:

  • Manages authorization workflow
  • Accepts requests
  • Notifies approvers via email
  • Manages time-outs
  • Acknowledges approvals
  • Logs activity
  • Delivers signed code to the staging area

Learn about our Code Signing Gateway.

Countless Use Cases Beyond Code Signing

HSMs are the central component in the most important digital security use cases, including code signing.

See more reasons why you should use nShield HSMs – on-prem or in the cloud – including:

blue and purple digital tunnel

nShield general purpose HSMs

nShield HSMs are certified, hardened, tamper-resistant devices that provide a secure environment for generating and protecting keys used for a variety of applications. Also available as-a-service, nShield HSMs are available in multiple form factors:

  • nShield Connect: Appliance serving multiple applications across a network. Also available as-a-service
  • nShield Solo: PCIe card serving applications on a single server
  • nShield Edge: USB-attached desktop device for lower-volume transactions
  • nShield as a Service: subscription-based access to cloud-based cryptographic services
  • nShield HSMi: certified hardware delivering cryptographic services for Entrust secure issuance software

nShield HSMs are certified to FIPS 140-2 Level 2 and Level 3.

Related Products and Solutions


Complete the form to download our white paper, "Establishing Trust and Integrity with Code Signing."

The white paper covers:

  • Code signing technology review
  • New CA/Browser Forum standards
  • The software release process
  • Protecting keys with Entrust nShield hardware security modules
  • How code signing failures happen
  • The Internet of Things and code signing