Code Signing

Authenticate software with trusted digital certificates

Code signing is used to confirm the author of software and to ensure that the code has not been modified or corrupted since it was last officially signed. Digital signature is achieved by digitally signing executables and scripts using a designated cryptographic key.

Security risks of improper Code Signing

Ensuring that code signing keys are properly requested, approved, generated and tracked is critical to avoid their getting into the wrong hands, resulting in malicious code being signed using a legitimate certificate. The negative result of unsigned malicious code being trusted and run on internal systems could be detrimental for users and devices that access and use the software. Imagine if a patient’s heart could be hacked?

How can CSS help strengthen your Code Signing practices?

  • Issue code-signing certificates only to authorized users
  • Track code-signing certificate expiration and handle renewal
  • Centralize the inventory of all code-signing certificates issued from multiple certificate authorities
  • Workflow-based verification during certificate issuance

How PKI and digital certificates efficiently enable Code Signing

  • Code-signing certificates can be issued by a PKI, whether publicly rooted or privately rooted
  • Generating code signing certificates requires careful oversight and control; certificate management software can efficiently and cost-effectively help you issue and manage a large volume of code signing certificates

CSS solutions to help strengthen Code Signing practices

Learn more how to improve the security of your Code Signing procedures.