Keyfactor Signum Strengthens Software Supply Chain Security Without Slowing Productivity
New service allows developers to use native signing tools for easy, secure code signing
CLEVELAND–(BUSINESS WIRE)–Keyfactor, the machine and IoT identity platform for modern enterprises, today announced the launch of Keyfactor Signum, a new code signing as-a-service platform that makes it easy for developers to sign code and containers in a secure way, without disrupting productivity.
Organizations today face persistent software supply chain attacks that compromise application development pipelines, IT scripts, macros, and more. Code signing keys are high-value targets for attackers that seek to steal and compromise keys to sign malicious code disguised as trusted software. Shortcuts in the signing process often lead to sensitive keys being left exposed on build servers or developer workstations. Understanding who signed which code and in what context is critical to prevent attacks.
Keyfactor Signum solves these challenges by providing security teams with protection for code signing keys, backed by an HSM and granular signing policies, while allowing developers to leverage the same native signing tools they currently use.
The CA/B Forum has issued requirements that stipulate private keys for EV code signing certificates be generated and protected in a compliant hardware crypto module. “Recent changes made by the CA/B Forum, which are scheduled to go into effect in the next 12 months, mean that organizations are required to generate and store code signing keys in a cryptographic module,” said Ben Dewberry, Product Manager Signing & Key Management, Keyfactor. “Keyfactor Signum makes it easy to comply with these new requirements, without causing any disruption to developers that need to move quickly.”
Keyfactor Signum is a SaaS solution hosted and managed by Keyfactor in the cloud. Key features and benefits include:
- Integrate with Native Tools: Keyfactor Signum integrates natively with popular signing tools like Microsoft SignTool, OpenSSL, and Jarsigner via the KSP interface for Windows and PKCS11 interface for Linux, making it transparent to developers.
- Secure Key Storage: Sensitive signing keys are generated and stored in HSM to ensure the highest level of protection and comply with CA/B Forum Extended Validation code signing certificate requirements.
- Policy and Governance: A simple web interface makes it easy to define who can sign what, when, and where, with complete auditability of all signing activities.
- Authentication: Only authorized developers and admins can sign code and manage signing policies via integration with Identity Providers, making it easy to deploy rapidly throughout the organization.
To learn more about Keyfactor Signum, click here.
About Keyfactor
Keyfactor is the machine and IoT identity platform for modern enterprises. The company helps security teams manage cryptography as critical infrastructure by simplifying PKI, automating certificate lifecycle management, and enabling crypto-agility at scale. Companies trust Keyfactor to secure every digital key and certificate for multi-cloud enterprises, DevOps, and embedded IoT security.
Contacts
Press
Jake Schuster
fama PR for Keyfactor
E: keyfactor@famapr.com