We live in a world that runs on code. Software is everywhere. There are a lot of factors that influence the success of a software development project. Effective collaboration among different development teams and security teams is surely one of the key ingredients. Because development teams work from different locations, it becomes of utmost importance to securely establish authorship and maintain software integrity.
It is important for customers, both internal and external, to trust the software that they use or download, that is coming from an authentic source and not from someone masquerading.
Secure code signing is the practice of digitally signing software (or firmware) and helps to:
- Ensure software authenticity for the end users
- Verify that the code hasn’t been altered since it was published
Often, the code signing process is manual, and it becomes difficult for developers to sign thousands of files per day. Most software developers and IoT manufacturers recognize the need for signed applications but often face challenges while implementing code signing securely. Signing code without protecting your cryptographic keys and certificates can expose you to more risk than no code signing at all.
Why do you need to automate the code-signing process?
Digital certificates and keys are lucrative targets and attackers seek to compromise them to sign and distribute malicious code masked as legitimate software or firmware.
The trust and integrity of software hinges entirely on the security of the code signing keys but keeping them secure is no simple task. Consider:
- Security vs speed: Security and public key infrastructure (PKI) teams would prefer to isolate and lock down private code signing keys, but developers still need quick access to sign code and push it to production.
- Dispersed DevOps: Development teams today work across globally dispersed locations. Code signing keys are often left within reach of hackers on developer workstations and build servers.
- No disruption: n DevOps, frequent incremental software builds is the base. Any changes to the Software Development Lifecycle (SDLC) can introduce risk and delay time to market.
Code signing best practices
Protecting private keys
The burden to sign code often falls on developers — people who are responsible for writing code, not ensuring security. As a result, private signing keys wind up in unsecured network locations where they can be extracted by attackers to sell or create code-signed malware.
The best way to address this is to find how many code-signing keys and certificates an organization has, where they are, and how they are stored. All private keys should be located and transferred into a FIPS 140-2 Level 2 certified hardware security module (HSM) to prevent attackers from gaining physical or logical access.
Integrating with DevOps
Security is only effective with adoption. Code signing should be a collaborative responsibility between security and development teams to achieve mutual goals to protect keys without disrupting the SDLC. One of the best ways to achieve this is by integrating code signing processes with existing developer tools and workflows.
Enforcing access controls
Ensure that only the right developers can sign the right code with the right key, and at the right time. By enforcing access controls and signing policies, enterprises can ensure that, even if a hacker breaches the network, they cannot compromise the code-signing infrastructure.
Continuously monitor and audit
Certificates expire, keys and algorithms weaken over time, and threats continue to evolve. Stay ahead of these risks by continuously monitoring the status of code signing certificates, the strength of algorithms used, and all code signing activities. Regularly log and audit the usage of keys to paint a complete picture and ensure nothing is missed.
Using a malware scanner
If a hacker breaches your developer network, they don’t necessarily need to steal your keys. By gaining access to a build server or developer workstation with access to code-signing infrastructure, hackers can simply submit malware to be signed and distributed without detection.
Ready to get started?
Aujas CodeSign is a DevOps-ready solution for the large-scale signing of software objects, firmware, patches, updates, macros, device drivers, or configuration files and helps you tackle code signing challenges.
This automated and globally accessible solution comes with an enterprise-grade malware scanner to inspect files for malware. It establishes a high state of security on private keys using cloud HSM and role-based approval provides complete control over every code signing activity. IT or security professionals can use it for signing internally approved software for whitelisting, CodeSign is delivered as a SaaS offering with the option of running on public or customer’s private cloud (AWS). It is a developer-friendly solution with easy CLI integration and supports all commonly used forms of signing file types and operating systems.
Want to learn more? Schedule a demo today.
