Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2023

How to Generate CSR and Key Attestation using YubiKey Manager for Code Signing Certificates

Want an additional layer of security for your software or app? YubiKey is a hardware that offers safe authentication and encryption for creating and authenticating private keys. Private keys generated by YubiKey devices may be secured such that they never leave the device, making them impenetrable to hackers. Due to New CA/B, If you are using an existing token such as YubiKey (FIPS Series), then here is the quick and easy guide that will help you to generate private key, CSR and Attestation Certificate in YubiKey using YubiKey Manage.

How to Sign .EXE File Using YubiKey Manager? - Detailed Guide from SignMyCode.com

Learn how to sign windows executables using YubiKey! Whenever you are individual software developer or a organization needs to publish software, code signing gets performed. It helps to build a trustworthy relationship with end-users, as signed software eliminates Unknown Publisher Warnings. According to new CA/Browser policies, every certificate owner needs to store the private key in a hardware token. And the token must align with FIPS standards. Otherwise, the certificate will not get issued.

DigiCert Code Signing Changes: New Private Key Storage & API Modifications

Beginning on June 1, 2023, at 00:00 UTC, industry standards will mandate that private keys for code signing certificates must be stored on hardware that meets specific security certifications such as FIPS 140 Level 2, Common Criteria EAL 4+, or an equivalent standard. This requirement applies to all new code signing certificate requests and requests for renewal and reissue of existing certificates.

Simplifying Code Signing Certificate Delivery Methods (Private Key Storage Options)

At SignMyCode, we understand the importance of streamlined and secure code signing certificate delivery. Our certificate delivery methods have been updated to ensure compliance with the latest standards. This article pertains to Code Signing certificates acquired after May 14, 2023. All Code Signing certificates now require installation on physical hardware tokens.

What are SafeNet Luna Network HSM 7 and Thales Luna Network HSM 7?

We will dive into the world of Luna Network HSM 7. You can explore its capabilities and the two options available: SafeNet Luna Network HSM 7 and Thales Luna Network HSM 7. Also, discover how these solutions enhance security and protect your cryptographic keys.

CA/B Forum Baseline Requirements v2.8 for Code Signing Certificates

Under the CA/B Forum BRs for Code Signing Certificates v2.8, Sectigo Certificate Services has implemented a hosted key attestation service to ensure the verification of hardware-backed keypairs during the issuance and management of Code Signing Certificates.

Code Signing with USB Tokens: A Comprehensive Guide

USB, hardware, or cryptographic tokens are portable devices that securely store cryptographic keys. These tokens typically connect to a computer or other devices via USB. USB tokens offer a compact and convenient solution for storing and protecting sensitive cryptographic keys, certificates, and other credentials. They are designed to provide strong encryption, tamper-resistant hardware, and secure key storage.

Certera EV Code Signing Certificate for Highest Software Legitimacy and Integrity

Certera is the modern and affordable certificate authority offering code signing and SSL certificates. It is sub CA is globally trusted CA named Sectigo. Digital certificates called EV (Extended Validation) code signing certificates are used to encrypt and sign code, scripts, and software programs. Users may have a high level of confidence thanks to these certificates that the code being signed is genuine, hasn’t been tampered with, and originates from a reliable source.

FIPS 140-3 Certification and Levels: FIPS 140-2 Vs 140-3

The Federal Information Processing Standard (FIPS) 140-3, is a collection of standards released by the United States government to examine cryptography modules. It explains how to design, develop, and run a cryptography module. The National Institute of Standards and Technology (NIST) and Communications Security Establishment (CSE) created FIPS 140-3 to safeguard critical, unclassified information.

FIPS 140-2 Encryption for Mobile App Security

Data security is crucial to creating mobile apps, and businesses that create or handle sensitive data must adhere to the Federal Information Processing Standards (FIPS). Data is encrypted before it leaves the mobile device and is decoded in a safe environment thanks to the FIPS 140-2 encryption standard. In this article, we will take a look at the standards and best practices for FIPS 140-2 encryption compliance, covering the fundamentals of ensuring a safe mobile app.

What is Token Signing Certificate and How Does it Works?

The most crucial component of any federated partnership is the token-signing certificates, which serve as a key validation method to guard against malicious tampering and security token fraud. These certificates employ a private/public key pairing to authenticate that a legitimate partner federation server issued a security token and confirm that the token was not altered in transit, these certificates employ a private/public key pairing.

What is FIPS? Detailed Guide on FIPS 140-2

The Federal Information Processing Standard (FIPS) is a collection of rules published by the National Institute of Standards and Technology (NIST) that outlines how to store and handle sensitive data securely. It is a fundamental security precaution that all companies must use to protect Personally Identifiable Information (PII). FIPS defines best practices for data encryption, authentication, and access control.

Top Best Practices to Unlock the Power of Ultimate Programming

Do you desire the key to ultimate programming’s power? If so, you should adopt software development and programming best practices. These techniques assist developers in achieving their coding objectives, from generating clean code to avoiding coding mistakes. In this Software Developers Guide, you will discover some unforgettable tips that can change your future as a coder. You can use various best practices in addition to coding standards to unlock the potential of ultimate programming.

Code Signing Guide: Its Working, Types, and Threats

If you have opened this blog post, you are surely seeking an answer to what is Code Signing. Code Signing Certificates are digital certificates used to authenticate the identity and company of the software publisher; to confirm the integrity of the software. Public Key Infrastructure (PKI) technology is used to secure the digital distribution of software. PKI also safeguards other executable files by signing them with a digital signature.

Cyber Security Statistics of 2023: Eye Opening Facts

In today’s one-click world, organizations of all sizes should be committed to improving their cyber security posture. Helping them to mitigate the risk of a data breach and protect their critical assets. This means having the right technology, processes, and people to monitor the environment and respond to incidents quickly and effectively. According to a recent IBM analysis, the average cybercrime takes 280 days to detect and contain and costs businesses up to $3.86 million.