Code Signing Key Management Server

Code Signing Key Management Server (CSKMS)

Connected devices are increasingly at risk of cyberattack, and one of the common attack vectors is malicious software and firmware updates.  Secure boot and code loading operations use digital signatures to verify device software comes from a trusted source and has not been tampered.   This helps thwart would be attackers by blocking the ability to persist malware between boot cycles.

Some developers use open source software to generate code signing signatures, but unless they do so very carefully they risk of improperly managing their very sensitive code signing keys.  Certicom’s Code Signing Key Management Server offers a formal, controlled environment to manage code signing and encryption key access.   It is a secure key management platform that protects signing keys sign and can optionally encrypt sensitive software images for target projects, securely logging key usage and metadata. We offer a convenient method to manage signing privileges for key sets and authorized user groups. 

The Code Signing Key Management Server supports traditional RSA, ECDSA and quantum resistant digital signature algorithms. The CSKMS also supports NIST approved key derivation, encryption and key wrapping algorithms with selectable bit strengths. This makes it suitable for traditional code signing schemes, quantum-resistant signatures and hybrid schemes. 

The system offers web-service base APIs for easy integration with backend OTA services and device provisioning systems like Certicom’s Asset Management System.   

The server features FIPS 140-2 certified hardware security modules to protect sensitive keying material.  The system can be operated off-line in an isolated security bunker requiring security officers to present their tokens to access restricted project keys. Alternatively, using secure web services interfaces to connect to backend software builds, systems and repositories for automated signing applications which do not require offline isolated protection.


Certicom Solution 

Certicom expertise in applied cryptography helps manufacturers around the world protect their devices with public key infrastructure, anti-counterfeiting, product authentication code signing and key management solutions.  Our latest solution addresses the latent but increasingly important threat of cryptographic key cracking quantum computers with support for new quantum resistant signature algorithms and robust key management.


Related Resources