Code Signing Key Management Server (CSKMS)
As the world grows more connected, protecting devices from cyberattack is becoming increasingly important. One of the most common attack vectors is a malicious software update. Secure boot and code loading operations use digital signatures to verify device software comes from a trusted source and has not been tampered. This helps prevent attackers by blocking their ability to persist malware between boot cycles.
Some developers use open source software to generate code signing signatures, but if software is not signed by a trusted party, anyone can replace it with malware. Certicom’s Code Signing Key Management Server (CSKMS) offers a formal, controlled environment to manage code signing and encryption key access. The secure key management platform that protects signing keys signs and can optionally encrypt sensitive software images for target projects, securely logging key usage, and metadata. We offer a convenient method to manage signing privileges for key sets and authorized user groups.
The Code Signing Key Management Server supports traditional RSA, ECDSA, and quantum resistant digital signature algorithms. CSKMS also supports NIST approved key derivation, encryption, and key wrapping algorithms with selectable bit strengths. Thus, CSKMS is suitable for traditional code signing schemes, quantum-resistant signatures, and hybrid schemes.
The system offers web-service base APIs for easy integration with backend OTA services and device provisioning systems like Certicom’s Asset Management System.
The server features FIPS 140-2 certified hardware security modules to protect sensitive keying material. The system can be operated off-line in an isolated security bunker requiring security officers to present their tokens to access restricted project keys. Alternatively, using secure web services interfaces to connect to backend software builds, systems, and repositories for automated signing applications which do not require offline isolated protection.
Certicom expertise in applied cryptography helps manufacturers around the world protect their devices with public key infrastructure, anti-counterfeiting, product authentication code signing, and key management solutions. Our latest solution addresses the increasingly important threat of cryptographic key cracking quantum computers with support for new quantum resistant signature algorithms and robust key management.