Code signing keys are the private keys behind code signing certificates. They are used to sign software applications so that their authenticity can be verified and any tampering detected. These keys are critical to protecting software applications from malware, Trojans, and viruses.
Starting June 1st, 2023, at 00:00 UTC, all private keys for standard code signing certificates must be stored on hardware that meets the requirements of, and is certified as, Common Criteria EAL 4+, FIPS 140 Level 2, or equivalent.
This change aims to strengthen private key protection for code signing certificates. It also aligns with the security standards for EV code signing certificates.
What’s the Reason for the Change?
Certificates that allow for key material to be exported are found to be less secure and more vulnerable to unauthorized use. This is why, starting June 1st, 2023, all private keys for standard code signing certificates must be stored on hardware certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent.
This modification increases trust in the code signing process by instituting safer key storage requirements. It helps prevent unauthorized software modification and protects users from malicious software that can damage their systems.
The new private key storage requirement comes into effect on June 1st, 2023. It will affect private key storage and certificate installation, code signing, ordering and renewing certificates, and reissuing certificates.
How do SSL Services Providers Help?
SSL services providers can help businesses and organizations comply with the new code signing key storage requirements. They may offer various services to secure and protect private keys, including secure FIPS-compliant security key USB devices, dedicated cloud HSM services such as AWS CloudHSM or Azure Dedicated HSM, and on-premises FIPS-compliant Hardware Security Modules (HSMs).
They can also guide businesses and organizations through ordering and renewing code signing certificates, and help them reissue certificates after June 1st, 2023, to ensure the certificates are installed on supported hardware tokens or HSMs.
Benefits of Using an SSL Services Provider
By using an SSL services provider like ClickSSL, businesses and organizations can ensure they comply with the new code signing key storage requirements while benefiting from improved security for their software applications. SSL services providers can offer a more secure and efficient process for ordering, renewing, and reissuing code signing certificates. They can also give businesses and organizations the peace of mind that the latest security measures protect their software applications.
The upcoming changes to code signing key storage requirements are significant for businesses and organizations that use code signing certificates to secure their software applications. However, businesses and organizations can obtain authenticated products by working with such SSL services providers. The changes to the code signing key storage requirements are essential to protecting against unauthorized software modification and maintaining the integrity of digital ecosystems.