如何使用 HSM 加強 Code Signing (程式碼簽章, 代碼簽名)的安全性

Why Code Signing

• Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since is was signed.

Code Signing use cases

• Secure Boot
  Vista/Win7/Win8/Win10
  Device booting, firmware/software upgrading
  
  
• Microsoft Authenticode
  https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode
  
  
• Java jar file signing
  https://docs.oracle.com/javase/tutorial/deployment/jar/signindex.html
  
  
• Internal RD and Manufacturing process control

Code Signing Tools

• Openssl command
  
  
• Microsoft signtool.exe
  
  
• Java jarsigner command
  

HSM enhances Security of Code Signing

• Private keys are protected in FIPS 140-2 Level 3 certified HSM
  
  
• All signing processes run in HSM

請與我們連絡

玉山科技 版權所有 © Copyright AsiaPeak 2006, All Rights Reserved