Securing your Private Keys as Best Practice for Code Signing Certificates
The sophisticated malware attack, Stuxnet, used innovative tools and techniques to infiltrate networks, one of which was to use binaries digitally signed with code signing certificates. The damage it has done to the affected companies has been considerable. However, companies who are diligent and willing to invest in the appropriate security measures can mitigate the risk of compromised private keys that are associated to code signing certificates.
This paper examines recent security breaches such as Stuxnet, and offers best practice measures, especially for the Windows platform, that can help to safeguard private keys so that your company doesn’t become tools of malicious hackers.