CODE SIGNING SECURES THE SOFTWARE YOUR BUSINESS RUNS ON
Learn why nShield HSMs are essential for securing and ensuring the integrity and authenticity of critical code.
Hardware Security for Your Software
Companies that develop software and executables, for internal or external use, face constant threats of bad actors interfering with the software or altering code as part of an attack.
The best way to protect against these attacks is to digitally sign the software or code with signing keys so the code’s integrity can be validated, along with the publisher. But if the private signing keys aren’t securely managed within a tamper-resistant hardware security module, they can be stolen and used to spread altered and dangerous software.
Software developers can use nShield HSMs for code signing to:
- Establish trust in their applications and updates
- Help meet the requirements needed to publish to app stores
- Validate an application's author and integrity
- Provide the means to detect malicious alteration of legitimate code
- Reduce risk of identity theft or reputational damage
Code Signing in Compliance
The CA/Browser Forum approved Ballot CSC-13 to increase the protection of code signing certificate private keys. Effective November 15, 2022, the code signing certificate key pair must be generated and stored in a hardware cryptographic module that meets or exceeds the requirements of FIPS 140-2 Level 2 or Common Criteria EAL4+.
nShield HSMs help meet the data security requirements set by international regulations and industry standards, including the Common Criteria for Information Technology Security Evaluation (Common Criteria), Payment Card Industry Data Security Standard (PCI-DSS), and the Federal Information Processing Standard 140-2 (FIPS 140-2).
Authentication and Automation from One Root of Trust
With an Entrust nShield HSM as a root of trust, you can deploy a PKI-based code signing solution to an Entrust Code Signing Gateway, to automate and manage your code signing processes.
The Code Signing Gateway:
- Manages authorization workflow
- Accepts requests
- Notifies approvers via email
- Manages time-outs
- Acknowledges approvals
- Logs activity
- Delivers signed code to the staging area
Countless Use Cases Beyond Code Signing
HSMs are the central component in the most important digital security use cases, including code signing.
See more reasons why you should use nShield HSMs – on-prem or in the cloud – including:
nShield general purpose HSMs
nShield HSMs are certified, hardened, tamper-resistant devices that provide a secure environment for generating and protecting keys used for a variety of applications. Also available as-a-service, nShield HSMs are available in multiple form factors:
- nShield Connect: Appliance serving multiple applications across a network. Also available as-a-service
- nShield Solo: PCIe card serving applications on a single server
- nShield Edge: USB-attached desktop device for lower-volume transactions
- nShield as a Service: subscription-based access to cloud-based cryptographic services
- nShield HSMi: certified hardware delivering cryptographic services for Entrust secure issuance software
nShield HSMs are certified to FIPS 140-2 Level 2 and Level 3.
Related Products and Solutions
Complete the form to download our white paper, "Establishing Trust and Integrity with Code Signing."
The white paper covers:
- Code signing technology review
- New CA/Browser Forum standards
- The software release process
- Protecting keys with Entrust nShield hardware security modules
- How code signing failures happen
- The Internet of Things and code signing