Microsoft Authenticode is a code-signing technology that identifies the publisher of Authenticode-signed software. It also verifies that the software has not been tampered with since it was signed and published. Authenticode uses cryptographic techniques to verify publisher identity and code integrity.
Authenticode relies on proven cryptographic techniques from Microsoft and on one or more private keys to sign and timestamp published software. From a security point of view, it is important to maintain the confidentiality of these code-signing keys. The u.trust GP Hardware Security Module (HSM) integrates with Microsoft Authenticode to provide a trusted system for protecting the organizational credentials of a software publisher. The u.trust GP HSM secures the code-signing keys in a module certified to the industry-standard FIPS 140-2.
This integration guide covers all the necessary information to install, configure and integrate Microsoft Authenticode with Utimaco u.trust GP HSM.
The benefits of using an HSM with Microsoft Authenticode include:
- The private key will be securely stored on the HSM.
- The hardware is FIPS 140-2 level 3 validated.
- Trusted timestamp (TSS) for Authenticode.
Refer to the Microsoft documentation for more information about installing Microsoft Authenticode.