Code Signing

Implement a code signing solution to protect your applications

image description

Given the prevalence of malware and Advanced Persistent Threats (APTs), many software vendors, providers of online services, and enterprise IT organizations are under pressure to increase the security of their code signing process. The Thales Code Signing solution helps software producers of all types implement highly secure and efficient code signing processes that protect their organizations from risks associated with software tampering. Combining tamper-resistant nShield hardware security modules (HSMs) with services from Thales ASG, the Thales Code Signing solution is backed by our extensive expertise in code signing best practices and standards of due care. Proven hardware security modules provide tamper-resistant, certified protection for private code signing keys and a secure platform to perform critical digital signature processes. Thales Code Signing also offers a flexible range of capabilities to simplify and automate the code signing request/approval workflow for organizations with more complex requirements.

Each Thales Code Signing solution includes one or more high-assurance nShield HSMs, the Thales Code Signing framework, and service days appropriate to your specific requirements. Thales ASG will design and configure your solution to support your specific code signing workflow. With the optional addition of Time Stamp Server, organizations can add trusted time stamping to these code signing solutions, allowing them to validate precisely when code was signed. Thales Code Signing is offered in three configurations:

  • Developer. This code signing solution is designed for the individual developer workstation for low volumes of code signing. Your Thales ASG team will perform secure installation and configuration of the nShield Edge USB-attached HSM for secure code signing, and will work with your staff to develop basic policies and procedures for HSM and key management.
  • Workgroup. This code signing solution is designed for organizations with multiple build stations where a shared signing resource is advantageous. It features the nShield Connect network-attached HSM for secure code signing. In addition to performing secure installation and configuration and developing policies and procedures, your Thales ASG team will develop a web service to centralize and automate key management associated with software signing requests from multiple platforms and build stations. The result is stronger security and a more streamlined code signing process.
  • Enterprise. This code signing solution is designed for larger organizations with requirements for highly controlled software signing approval process workflows with robust end-to-end audit capabilities. The solution’s workflow automation simplifies and streamline business processes around code signing including accepting requests through a self-service web portal, notifying approvers, managing approvals
image description

Quick implementation

Get a high-assurance code signing process appropriate to your organization’s size and scope.

image description

Secure

Maximize protection from outsider and insider attacks with a tamper-resistant solution.

image description

Automated solution

Simplify and streamline the code signing process using workflow automation capabilities.




Additional Resources

Solution Brief : Thales Code Signing

"In addition to enhanced code signing key security, the Thales Code Signing solution offers a flexible range of automation capabilities for code signing approval processes as well as for centralized cryptographic key management. The Thales Code Signing solution is unique in that it not only provides a high assurance method to protect private code signing keys in certified secure hardware, but also offers a flexible range of capabilities to simplify and automate the code signing request/approval workflow for organizations with more complex environments."

Download

Webcast : How High Assurance Code Signing Can Make You a Hero (Webcast)

"Thales security expert Peter DiToro gives an informative session where you will learn how to: Provide high assurance protection for private code signing keys and digital signature operations Automate and simplify code signing workflows in multi-workstation environments Apply cryptographic best practices to significantly reduce the risk of malicious software alteration and protect your brand."

Listen Now

Code Signing Benefits:

  • Protect your company, intellectual property, brands, partners, and users from risks associated with software tampering.
  • Quickly implement a high-assurance code signing process appropriate to your organization’s size and scope.
  • Maximize protection from outsider and insider attacks with a tamper-resistant solution.
  • Simplify and streamline the code signing process using workflow automation capabilities.
Mire nuestra demostración interactiva Explorar
Programe una demostración en vivo Programar
Comuníquese con un especialista Contacto