Application software and scripts are digitally signed using code signing. The signature confirms the identity of the software manufacturer and ensures that the software has not been altered or corrupted.
Current systems either do not allow the installation of unsigned software or display a warning to keep users from installing potential malware. Signing software with the certificate of an official provider marks it as trustworthy and intact. Anyone who does not sign their software is considered unprofessional.
Since February 1, 2017, the guidelines of the Certificate Authority Security Council Group (CASC) have been mandatory for code signing certificates for Microsoft platforms. According to these Minimum Requirements for Code Signing Certificates, private keys must be generated and protected by an HSM certified to FIPS 140-2 Level 2 or higher, either through appropriate hardware on site or through a cloud-based HSM service. In contrast to the commonly used crypto tokens, which are connected to a system via USB, a cloud HSM integrates seamlessly into the development environment via the network and thus increases the degree of automation in the code signing process. For the software to be recognized as trustworthy, it must be signed with an Extended Validation Certificate (EV Certificate) from a publicly recognized Certification Authority (CA). Additional certificate requirements must be observed for signing hardware drivers or Apple apps.