Best Practices 01-26-2021

Standardize
Code Signing
Workflows
to Reduce
Organizational
Risk

Dave Roche

Who manages the access keys to your office building? Does everyone use the same key to access all parts of your office, or do groups of employees have their own unique key cards? If everyone had a copy of a key card with access to all areas, and one person loses their key card, then everyone, and the entire organization, are at risk. However, if different teams have their own keys which are role-based and limit activity and access, you can reduce the risk to your organization. That is how key cards work for office access, and it is a bit similar to how development teams can mitigate organization risk when it comes to code signing.

Using separate code signing keys for different DevOps teams is a code signing best practice, because if keys are used to sign releases that contain malware or vulnerabilities in customer software, then only the key used to sign that release is the one that has exposed your company to reputational risk and the requirement for remediation and/or countermeasures. To come back to the keycard example, it’s like giving teams the rights to access only certain rooms in the office, so if a thief steals a team member’s key card, they can’t access the rest of the office building.

DigiCert® Software Trust Manager can help reduce risks in three main ways: by segmenting teams, providing flexibility around how to use and reuse signing keys and codesigning certificates, and taking keys offline, all while enabling companies to remain compliant with industry requirements. Here’s some insight into what that looked like for a leading laboratory technology company that recently became a DigiCert Software Trust Manager customer.

Case study

A leading laboratory technology company recently addressed the risk of using a single certificate for the majority of their software. Their code signing operations had become unruly and chaotic. The company supports around 17 worldwide development teams, which determined that sharing a single keypair and certificate was not meeting their information security goals.

The company decided to replace their code signing certificates with a more robust solution, DigiCert Software Trust Manager. DigiCert Software Trust Manager helps them maintain and store keys securely within the service and then issue and manage keys and certificates from that platform. It also offers comprehensive visibility into access rights, roles and signings, with centralized control even with changing development teams worldwide, as well as the ability to store signing keys offline until they are needed and authorized for use.

Overall, the company has noticed greater overall security with their code signing operations and increased discipline over issuing keys and certificates.

With that in mind, here are three ways DigiCert Software Trust Manager reduces risks around keys and certificates for code signing, while ensuring that code signing activities remain compliant with CA/B Forum requirements and industry standards.

Segment teams

DigiCert Software Trust Manager keeps keys separate among teams, while allowing administrators visibility over all operations and key usage. This reduces the risk of inadvertent mistakes across the company. For instance, customers may pull in libraries without doing their due diligence on the library or template, and in the case that a key is used to sign releases with a vulnerability or malware in customer software, then only one team’s code is compromised. Keys are not available for other teams to use, so, as in the example of distributing different office keys, if there is a breach only one room is exposed.

This also reduces remediation efforts in case of revocations. Even if vulnerabilities are discovered or exploited, the response is easier because the scope of the impact is much reduced, thus reducing remediation type activities.

Key management flexibility

DigiCert Software Trust Manager also reduces risk by allowing admins to rotate keys, set shorter certificate lifetimes and control keypairs. Administrators can rotate keys every certain number of days or months, which is critical for Microsoft files. Microsoft rewards publishers who rotate keys with higher levels of reputation. If you need to sign files for usage in Microsoft operating systems (DLL files, EXE files, etc.) then Microsoft expects you to cycle through a pool of certificates rather than using the same certificates over and over again for signing. You can also set shorter certificate lifetimes so that they expire each year.

Administrators can issue a new certificate based on the same key pair, which is protected by DigiCert. Additionally, you can create new key pairs and certificates for product releases and use them only once. Keys and certificates are then removed from the service, so they are not available for future signings without taking an action to revoke the certificate.

Take keys offline

You can set keys to offline mode in DigiCert Software Trust Manager so that they cannot be used to sign releases without advanced permission. Developers are naturally good at planning releases, so getting permissions to use the keys or schedule access prior to permitting signatures with specified keys can fit easily into their release process. This keeps keys safe from being used when they shouldn’t be and ensures you know what keys are being used when and where. Taking keys offline also separates duties between signers and approvers for another layer of security.

About DigiCert Software Trust Manager

DigiCert Software Trust Manager helps companies reduce the risk around keys and certificates, maintain visibility over code signing operations and ensure industry compliance. Using DigiCert Software Trust Manager, organizations can secure DevOps and Continuous Integration/Continuous Delivery (CI/CD) operations with a scalable workflow. Plus, in the case of necessary revocations, DigiCert Software Trust Manager features make remediation simpler.

Built in DigiCert ONE™, DigiCert Software Trust Manager is a modern way of managing code signing by enabling automated security across CI/CD pipelines with portable, flexible deployment models and secure key management. DigiCert Software Trust Manager supports code signing best practices like unique key and certificate per signing for private signing, on-demand keys and rotating keys. DigiCert Software Trust Manager is compatible with most popular platforms and libraries like Docker, Java, Authenticode, OpenSSL and Android.

Visit https://www.digicert.com/software-trust-manager for more information about DigiCert Software Trust Manager.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

Why certificate automation is an absolute must

11-15-2024

4 steps to secure the IIoT device lifecycle