Securing Your Private Keys As Best Practice for Code Signing Certificates

The efficacy of code signing as an authentication mechanism for software depends on the secure storage of code signing private keys used by software publishers. But a series of recent malware attacks using malicious programs signed with legitimate certificates shows that some developers don’t take sufficient precaution.

This paper describes recent security breaches and why they may have happened. It discusses best practices, especially for the Windows platform, which can help to safeguard the private keys associated with code signing certificates.



We use cookies to optimize your experience, enhance site navigation, analyze site usage, assist in our marketing efforts. Privacy Policy