Tag Archives: test code signing infrastructure

Protect Your Private Keys: Three Easy Steps for Safe Code-Signing

December 19, 2013 by Bruce Morton     No Comments

A recent article by the Microsoft malware protection center, “Be a real security pro – Keep your private keys private,” reminded me of some best practices. There are far too many cases of illegitimate code being signed by a stolen private key for legitimately signed code-signing certificates. In these cases, the owners of the private [Read More...]

Code Signing: Best Practices

July 27, 2012 by Bruce Morton     1 Comment

The biggest issue with code signing is the protection of the private signing key associated with the code signing certificate. If the key gets compromised, then your certificate is worthless. A compromised key may also jeopardizethe software that you have already signed. Here are some best practices for code signing: 1. Minimize access to private [Read More...]