Gemalto is now part of the Thales Group.

Code Signing Key Security Solutions

How Code Signing Works

Code signing has become essential to doing business for virtually any organization that distributes code to customers and partners.

Code signing verifies who the publisher of a specific set of code is and attests to the fact that it has not been modified since it was signed.

Certificates delivered along with software that has been signed are a key way for users to determine whether software originates from a legitimate source before installing.

Today, many software marketplaces, including mobile app stores, require code to be compliant with specific digital signing requirements. 

No matter the use case, code signing certificates can be trusted and valued only if their private keys are kept secure.

Code Signing Architectures

Code signing architectures comprise several key elements:

  • Public key infrastructure (PKI) technology is used to create a digital signature.
  • The digital signature is based on a private key and contents of a program file.
  • In distributing its code, the developer packages the signature with the file or in an associated catalog file.
  • Upon receipt of the signed code, users or devices will combine the file, certificate, and associated public key to verify the identity of the file signer and the integrity of the file.
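
The sign-and-verify flow in the list above, as an added example using the OpenSSL command line (not code from Gemalto or from Authenticode). The file names, the "Example Publisher" subject and the self-signed certificate are assumptions made for illustration; the private key is a plain file here only so the example runs offline.

```shell
#!/bin/sh
# Added illustration: detached-signature code signing with OpenSSL.
# All names below are constructed for this example.

# Publisher: create a key pair and a self-signed certificate (assumption:
# a real publisher's certificate is issued by a CA and the key sits in an HSM).
make_publisher() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Example Publisher" \
        -keyout "$dir/publisher.key" -out "$dir/publisher.crt" 2>/dev/null
}

# Publisher: sign the file contents with the private key. The signature is
# written next to the file and distributed with it.
sign_file() {
    dir=$1; file=$2
    openssl dgst -sha256 -sign "$dir/publisher.key" -out "$file.sig" "$file"
}

# Recipient: read the signer's identity from the certificate.
signer_name() {
    openssl x509 -in "$1/publisher.crt" -noout -subject
}

# Recipient: extract the public key from the certificate and check the
# signature against the file. Returns 0 only if the file is unmodified.
verify_file() {
    dir=$1; file=$2
    openssl x509 -in "$dir/publisher.crt" -pubkey -noout \
        > "$dir/publisher.pub" || return 2
    openssl dgst -sha256 -verify "$dir/publisher.pub" \
        -signature "$file.sig" "$file" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    printf 'echo "installer v1.0"\n' > "$work/app.sh"   # constructed sample code
    make_publisher "$work" && sign_file "$work" "$work/app.sh" || return 1
    signer_name "$work"
    verify_file "$work" "$work/app.sh" && echo "original: signature valid"
    printf 'echo "added later"\n' >> "$work/app.sh"     # change after signing
    verify_file "$work" "$work/app.sh" || echo "modified: signature INVALID"
    rm -rf "$work"
}

demo
```

A self-signed certificate only demonstrates the integrity check; establishing the signer's identity additionally requires validating the certificate chain to a trusted CA.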

In code signing environments, the critical point of vulnerability is the private key.

Private Key Security for Code Signing

Anyone who can access a legitimate certificate owner’s private key can create software that will appear to be signed by that organization.

Numerous breaches have used fraudulent code signing certificates to cause significant damage to the certificate owner’s reputation and business.

In order to effectively secure private keys used in code signing, it is vital for organizations to leverage hardware security modules (HSMs). Keys stored on servers or other systems are too susceptible to unauthorized access and compromise. Storing keys in robust, tamper-evident HSMs can eliminate these risks.

Gemalto's SafeNet HSMs offer:

  • Secure key generation and storage
  • High availability and reliability
  • Performance and scalability
  • Support for elliptic curve cryptography (ECC)
  • Robust administrative access controls
  • Governance and compliance

Partner Spotlight: Microsoft Authenticode Code Signing

Microsoft Authenticode permits end users to identify who published a software component and verify that no one tampered with it before downloading it from the Internet.

Authenticode relies on proven cryptographic techniques and the use of one or more private keys to sign and time-stamp the published software. It is important to maintain the confidentiality of these keys.

Gemalto's SafeNet Hardware Security Module (HSM) integrates with Microsoft Authenticode to provide a trusted system for protecting the organizational credentials of the software publisher. SafeNet HSMs secure the code signing key within an industry-standard FIPS 140-2 Level 3 validated HSM.
