CodeSign Secure provides a robust and streamlined solution for the challenges which are associated with codesigning. We comply with all the latest regulatory standards like – FIPS 140-2 Level 3 HSM compliance and proxy-based access to the HSM for enhanced security. We make sure our private keys are stored, generated and used within an HSM in response to CA/Browser Forum’s June 1, 2023 requirement.

Value Proposition:

CodeSign Secure is a comprehensive solution that helps protect software integrity across the software supply chain. This, in turn, reduces the risk of code compromise, enforces corporate and regulatory policy, and delivers fine-grained key usages and access controls in code signing.

• Reduces points of vulnerability in the software supply chain and development lifecycle.
• Protect keys from security breaches and theft.
• Mitigate malware and compromised code.
• Enforces corporate policy and regulatory compliance.
• Standardize and centralise management.
• Track signing activities, aiding audits, and detailed logs.
• Controls key usage and signing access to prevent malpractices.
• Set fine-grained key usage and access control.
• Assign user and team-based signing and permissions.

Key Benefits and Features:

These are the few key benefits which support and promote CodeSign Secure as an ideal fit for code signing:

• HSM-based key management and storage (on-premises or cloud) protect keys from security breaches and theft.
• Predefined certificate profiles, cryptographic algorithms, and workflows (even automated workflows) helps standardise and centralise management.
• Logging all the signing events, keypair operations, reporting, and analytics to track signing activities and other key operations.
• Set fine-grained key usage and access controls for centralised controls:
• Key Usage Models: static, dynamic, rotating.
• Key Modes: online/offline, production/test, on-demand, scheduled, time-based, one-time.
• Key Profiles: open/restricted.
• Algorithms: RSA, EC-DSA.
• There are various options for user access and management controls, as well as team-level controls (like - multi-user approval on keypair administration and group quorums)

Use Cases:

• Continuous Integration/ Continuous Delivery (CI/CD) workflows: Our CodeSign Secure handles CI/CD workflows whether they are private, public trust, and, to some degree, device integrity and application signing.
• Containers: We ensure software containers are authenticated and encrypted and maintain their integrity regardless of the coding language used. Whether a customer uses Docker or MS NuGet, CodeSign Secure can integrate into containerised workflows.
• Applications: CodeSign Secure supports application use cases such as Windows Authenticode, Java Applications, and Linux Applications. CodeSign Secure can ensure applications are authenticated and encrypted and maintain their integrity.
• Software: CodeSign Secure will ensure that the software in use or development is authenticated and encrypted and has maintained its integrity, as well as ensuring file authentication, encryption and integrity.
• XML: We ensure the data is authenticated, encrypted and it’s integrity is maintained.