Application software or scripts are digitally signed using codesigning, confirming the identity of the software manufacturer and ensuring that the software has not been altered or corrupted.
Current systems do not allow the installation of unsigned software, or a warning appears to prevent users from installing potential malware. The software's signature with the certificate of an official provider marks the software as trustworthy and with integrity. Anyone who does not sign his software is considered unprofessional.
Since February 1, 2017, the Certificate Authority Security Council Group (CASC) guidelines have been mandatory for code signature certificates for Microsoft platforms. According to these Minimum Requirements for Code Signing Certificates, private keys must be generated and protected by a FIPS 140-2 Level 2 or higher certified HSM. Either through appropriate hardware on-site or a cloud-based HSM service. Observing additional certificate requirements for the signature of hardware drivers or Apple app is a must.
In contrast to the commonly used USB crypto tokens, which connect to a system via USB, CloudsHSM integrates seamlessly into the development environment via the network and thus increases the degree of automation in the code signature process. For the software to be recognized as trustworthy, signing with an Extended Validation Certificate (EV Certificate) from a publicly recognized Certification Authority (CA) is a prerequisite. The CloudsHSM is also CA/Browser Forum compliant, which means that issuing and managing Publicly- Trusted Code Signing certificates is not a problem in terms of code signing.