a secure and flexible code-signing solution › wp-content › ... · docker images supported file...

4
www.EncryptionConsulting.com www.EncryptionConsulting.com/MyCodeSigner Supports digital code-signing for multiple file formats Secures & manages private keys for code-signing with HSM’s Supports Malware and Virus scans for the added security before signing the code Driven by flexible and customizable policies and approval workflows Multi deployments options with on-premise, private cloud or SaaS options Quick implementation by seamless integrations with the existing build processes A secure and flexible code-signing solution

Upload: others

Post on 07-Jul-2020

17 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: A secure and flexible code-signing solution › wp-content › ... · Docker images Supported File Types Utimaco HSM Thales HSM nCipher HSM AWS Cloud HSM Azure Key Vault Supported

www.EncryptionConsulting.com

www.EncryptionConsulting.com/MyCodeSigner

Supports digital code-signing for multiple file formatsSecures & manages private keys for code-signing with HSM’sSupports Malware and Virus scans for the added security before signing the codeDriven by flexible and customizable policies and approval workflowsMulti deployments options with on-premise, private cloud or SaaS optionsQuick implementation by seamless integrations with the existing build processes

A secure and flexible code-signing solution

Page 2: A secure and flexible code-signing solution › wp-content › ... · Docker images Supported File Types Utimaco HSM Thales HSM nCipher HSM AWS Cloud HSM Azure Key Vault Supported

When a software/script/macro is downloaded and during its installation or execution you see a popup saying, “Are you sure you want to run this?” or “Do you want to allow the following program to make changes to this computer” then that means code-signing is in action. Code-Signing Solution plays an important role as it can enable identification of a legitimate software v/s a malware or a rogue code.

Code-signing is a process that confirms the authenticity and originality of digital information especially a software code assuring this digital information is not a malicious code and establishes the legitimacy of the author. It also provides assurance that this piece of digital information has not changed or had been revoked after it has been digitally signed.

High assurance method to protect private code-signing keys in HSM

Configurable Malware and Virus scans before code-signing

Multi-factor authentication for the enhanced security

Faster Implementation and Automation

Configurable policies for signing different types of code

Configurable approval workflows for the control and transparency

Support for integrating with your choice of SIEM for audit reports

REST API, allowing for custom integrations and requirements.

Overview

Featuresat a Glance

MyCodeSigner provides a secure and flexible solution to your code-signing needs.The features include: The keys are protected by your choice of HSM.Customizable policies and workflows can be defined to secure and streamline the process of job submission and approvals.Support for virus and malware scans before signing the code.Built-in support for signing Windows, Linux, Macintosh, Docker and Android/iOS apps. The framework is extendable to include specific code or document not directly supported by the solution.MyCodeSigner is developed on an open REST API, allowing for custom integrations and requirements.

MyCodeSigner Solution

www.EncryptionConsulting.com/MyCodeSigner

Copyright © 2019 - All Rights Reserved - Encryption Consulting LLC

The private keys of the code-signing certificate can be stored in HSM to eliminate risks associated with stolen, corrupted or misused keysRobust access control system and can be integrated with LDAP and customizable workflows to mitigate risks associated with granting wrong access to unauthorized users allowing them to sign code with malicious certificatesCustomizable workflows and policies to improve adoption of the solution can enable different business teams to have their own workflow for code-signingValidation of code against virus and malwares before digitally signing will mitigate risks associated with signing a malicious code

MyCodeSignermitigates the risks associated with code signing

Page 3: A secure and flexible code-signing solution › wp-content › ... · Docker images Supported File Types Utimaco HSM Thales HSM nCipher HSM AWS Cloud HSM Azure Key Vault Supported

Windows files like .exe, .dll, .msi, .cab, .ocx

RPM on Linux

Jar files

Mac OS software

Andorid and iOS apps

Docker images

Supported File TypesUtimaco HSM

Thales HSM

nCipher HSM

AWS Cloud HSM

Azure Key Vault

Supported HSMs

MyCodeSigner is designed to provide the most secure code-signing capabilities and built-in support to customize your code-signing workflow as per the latest security standards. The open architecture framework provides the utmost flexibility to implement at the customer environments without altering their existing build processes, be it traditional SDLC, Agile or DevOps. The product seamlessly integrates with your on-premise systems and provides the easy to use interface to manage and operate code-signing within the organization.

solution architecture

www.EncryptionConsulting.com

Sign with confidence

Info SecAdmins

SMTP Server

MyCodeSignerClient

Build Server 1

CorporateActive Directory

Code-Signing JobsWork�ows

Job Submitters

Job Approvers

My CodeSignerApplication

HSMMyCodeSigner Server

Windows Build Servers

OROn Premise

HSM

Cloud HSM

AuditDatabase

Code SigningPrivate

Keys

HSM Client

Build Server 2

MyCodeSignerClient

Build Server 1

Build Server 2

Build Server 1

Unix Build Servers Macintosh Build Servers

MyCodeSignerClient

Build Server 2

Page 4: A secure and flexible code-signing solution › wp-content › ... · Docker images Supported File Types Utimaco HSM Thales HSM nCipher HSM AWS Cloud HSM Azure Key Vault Supported

On-premise model

MyCodeSigner server and client modules will be installed locally.

Solution can be integrated with any existing HSM’s available locally to store keys.

Hybrid model

MyCodeSigner server and client modules will be installed locally within the customer premise and the

private keys for signing certificates can be stored on cloud HSM and vice-versa.

SaaS model

Fully SaaS model where the organizations subscribe to MyCodeSigner services online.

Deployment Options

Encryption Consulting is a dedicated consulting firm that focuses on providing all the aspects of Encryption such as PKI, Hardware Security Module, Code-Signing, Enterprise key management, Transparent Data encryption, Element level format preserving encryption and Tokenization. At Encryption Consulting, we provide encryption services that help organizations to achieve the triad of Confidentiality, Integrity and Availability.

MyCodeSigner helps organizations stay ahead of the curve by providing a secure code-signing solution with tamper proof dtorage for the keys and complete visibility and control of change.

why MyCodesigner

About Encryption Consulting

Encryption Consulting LLC. 130 N Preston Rd, Prosper, TX 75078, USA |+1- 469-815-4136 | [email protected] CONFIDENTIALITY. INTEGRITY. AVAILABILITY.Find us:“EncryptionConsulting” on