Microsoft Authenticode is a code-signing technology that identifies the publisher of Authenticode-signed software. It also verifies that the software has not been tampered with since it was signed and published. Authenticode uses cryptographic techniques to verify publisher identity and code integrity.
Authenticode relies on proven cryptographic techniques from Microsoft and the use of one or more private keys to sign and timestamp published software. From a security point of view, it is important to maintain the confidentiality of these code signing keys. The CryptoServer Hardware Security Module (HSM) integrates with Microsoft Authenticode to provide a trusted system for protecting the organizational credentials of a software publisher. The CryptoServer HSM secures the code signing keys in hardware certified to the industry standard FIPS 140-2.
This integration guide covers all the necessary information to install, configure and integrate Microsoft Authenticode with Utimaco Hardware Security Modules (HSM).
The benefits of using an HSM with Microsoft Authenticode include:
- The private key is stored securely on the HSM.
- The hardware is FIPS 140-2 Level 3 validated.
- Trusted timestamp (TSS) for Authenticode.
Refer to the Microsoft documentation for more information about installing Microsoft Authenticode.