Native code signing with SignServer

Code signing became very relevant in the recent years as it protects companies, developers, and users from various supply chain attacks. It ensures that software and application integrity can be validated and trusted even when it is distributed over insecure networks or stored on untrusted media.

With introduction of continuous development and platform engineering, the code signing is required to be an integral part of automatized pipelines. However, we need to keep it secure and trackable.

There are multiple ways how you can build code, executables, or various images that are properly signed. The most popular are:

  • using an API that can be integrated to CI/CD pipeline
  • through native code signing applications like jarsigner, SignTool, cosign, etc.

SignServer code signing

SignServer is a secure code signing solution that allows you to keep code signing keys protected, and provides a centrally managed and inspectable single service for all your code signing needs and allows you to keep code signing keys protected.

It enables different project members or systems to authenticate and share the same protected code signing key and certificate when signing, and also provides audit records of who signed what. SignServer can also control individual code signing keys where only one person is granted authorization.

SignServer support various code signing formats, including the authenticode for executables and Windows installers (MSI), PowerShell scripts, Java signing (including Android), PGP signing, container image signing, firmware signing, and client-side hashing for all of that.

Native code signing

Code signing using applications like jarsigner, SignTool, cosign, OpenSSL, etc., is provided natively on operating systems that integrates with the SignServer seamlessly and transparently:

  • on Windows using the KSP provider integration
  • on macOS using Keychain integration
  • on Linux using PKCS#11 middleware

With all the benefits of consistently and securely managed cryptographic keys and signing certificates on the SignServer, you have the possibility to integrate with well-known and officially used code signing tools.

jarsigner

SignTool

cosign

Native integration (KSP, Keychain, PKCS#11)

SignServer

Cryptographic keys

Signing certificates

Code signing configuration

Dashboarding, Monitoring, Reporting

Complete picture with DMR

In addition to the code signing native integration, the DMR for dashboarding, monitoring, and reporting provides a comprehensive solution to visualize certificate-related and signing- related operations and its attributes in time.

It means that you can focus on the code signing automation and provide necessary information to IT managers, executives, or your customers. You can see in the real-time audit logs, signing operations, locations from where the signature is requested, and many more.

SignServer DMR dashboard

Ultimate signing solution

Get in touch with us if you want to try the solution. The SignServer can be your ultimate solution that supports all your digital signing use-case, whether you would like to sign documents, source code, application, scripts, or anything else.

Need help?

Do not hesitate to get in touch with us!

Get in touch with us!

security | data intelligence | consulting

Contact us!