Code Signing Trust

What is DevSecOps?

What is DevSecOps?

DevSecOps is a security function within a DevOps team that is responsible for defining and implementing corporate security policy as it relates to software development and engineering processes. DevSecOps may be responsible for guiding decisions around code signing, data privacy, software supply chain, and other activities that govern security of systems and data.


What is key sharing?

Key sharing refers to a practice of storage and use of the same signing keys among members of a development organization. While convenient for fast access, this practice opens the security risk for key theft and misuse and expands the threat vector for intentional or unintentional damage. Lost or stolen private keys can impact productivity, pulling team members away from priority projects to do remediation. Key sharing can also result in older application versions becoming distrusted.


What is an HSM?

HSM stands for Hardware Security Model. An HSM is a physical computing device that is specifically designed to safeguard and manage digital keys.


What is PKCS#11?

The PKCS#11 refers to both the standard (Public-Key Cryptography) and the API to interact with cryptographic tokens. The standard defines the interface to cryptographic tokens such as hardware security modules (HSM) and smart cards. The API defines commonly used cryptographic object types (such as X.509 certificates) and the functions needed to create/generate, modify, use, and delete these objects.


What is a KSP?

KSP stands for Key Storage Provider, and it provides key storage and retrieval for private keys.


What is hash signing?

In some instances, when a file needs to be signed, the signing service requires that the entire source file be uploaded to the service for processing and signing. With hash signing, only the hash of the source file is uploaded to the signing service. This eliminates the network latency involved in uploading a large file and it increases security in the signing process, because the source code does not leave the development environment.