2018-11-13

Six things to consider when choosing your code signing solution

Whenever software is being distributed over the internet (or other insecure networks), or stored and run on untrusted media, it is crucial to use a reliable signing tool to digitally sign all executable files such as applications, libraries and drivers. Today harmful code is a real threat to users, organizations and manufacturing, as criminal groups and even governments use malicious software to steal and monitor data, export money or empty your bank account.

Digitally signed code ensures that the transferred software is trusted and unmodified as long as a secure signing tool is used. Simply setting up any code signing tool you are able to find, may result in an insecure solution that makes you vulnerable to all sorts of attacks.

This guide takes you through six things to consider when choosing your Code Signing solution.

Centralized or decentralized signing solution

Choosing a centralized code signing solution helps you keep secure control of your code signing keys and fully leverage Hardware Security Modules. Different project members or systems authenticate and share the same well protected code signing key and certificate when signing and providing audit records of who signed what. This solution streamlines the process, making it comprehensive, harmonizing and easy to use.

Decentralized solutions require that the keys are available where the code needs to be signed. Organizations with distributed and geographically fragmented development centers, will have to implement complex processes for secure key distribution, usage and management. This will, for most organizations, lead to a less secure, cost-effective and user-friendly solution.

What is it that you need to sign?

Supported code signing formats are of course an important aspect to consider. A centralized solution should be able to be configured with all your current needs in one platform and also be extended with new formats over time as your business needs it to change. Examples of code signing formats are Authenticode for Portable Executables (PE signing), Java (JAR signing) and Windows Installer (MSI signing). Flexibility where the hash is created, client or server, will allow you to conform to security policies and confidentiality requirements.

Security and control

Hardware Security Modules (HSM) are the most secure way of storing and using your code signing keys. One single HSM can store multiple keys and can be reused for multiple formats and use cases. The result is centralized key management and control for your signing service.

Being in control also means having traceable information about who signed what. Whether it is a system or project members that initiate the signing, the service should preferably allow different authentication methods. The most convenient solution for your end users is to integrate with your existing corporate authentication method.  In code signing use cases different project members or systems can authenticate and share the same well protected code signing key and certificate when signing. Other use cases requires individual code signing keys where only one person is granted authorization.

Integration with build systems

Speed to market is crucial for many customers and solutions. Improved security and quality is the objective of a code signing solution, but it needs to go hand in hand with improved efficiency and productivity.

Streamlining the code signing process with your existing processes is done by integrating your build system with the code signing service. We recommend that you spend some time investigating the availability of easy-to-use integration interfaces. This can be crucial for the final success of the solution. A convenient and easy-to-use solution are often more secure in the long-term perspective.

The solution should also offer a well-defined process for managing the lifecycle of keys and certificates that are used in the solution. It is very common that the expiration of the certificates is not monitored and proactively managed.

Performance and reliability

Demonstrated capabilities to scale and provide the availability that is required for your code signing use case should be a must. Secondly, it is important to assess how the solution can support new use cases with new requirements on performance and reliability.

Reliable security partner now and in the future

Investing in a security solution inevitably creates a long-term partnership. Just as with all long- and short-term partnerships it is of importance to partner with a vendor/provider that are able to prove their credibility with various reference cases and proven installations. Another important aspect is to continuously grow with the vendor over time. New use cases are a fundamental part of any organization and therefore it is essential to have the same supplier that enables complete alignment of products and components (e.g additional PKI components) which results in sustained compliance, optimized efficiency and reduced cost of maintenance.

 

In conclusion there are many aspects of code signing that is important to take in consideration when deciding which partner and product that is relevant for your specific needs. From security and reliability to performance and flexibility, everything needs to be well-thought-out. Hopefully this guide will make your decision easier and help you in choosing the best solution for your company.


 

Author: Markus Kilås

Markus has worked at PrimeKey for almost 10 years and has had a continous focus on the signature software SignServer. He is today the product owner for SignServer and is responsible for the development of the product together with his team of 6 people.

More about SignServer