Business Need

The client, a financial software provider, wanted to enhance the security and efficiency of their software delivery process. They required a solution to ensure the integrity and authenticity of their software builds, build trust with their banking customers, and implement a centralized, automated code signing process with improved visibility and control.

Business Challenges

The company faced several challenges with their existing code signing process. These included:

• Manual code signing process.
• Decentralized certificate management.
• Lack of visibility and control over code signing.
• Mandate to use Hardware Security Modules (HSM) for code signing certificates.
• Need to sign multiple file types, including legacy OS systems.
• Requirement to integrate with existing CI/CD pipeline.

Business Solution

To address these challenges, the client implemented an on-premises, hash-based code signing solution provided by NuSummit. The solution would provide the following:

1. An on-premises, hash-based code signing solution
2. Centralized server with command-line interface for users
3. Integration with HSM for private key security
4. Support for signing various file types, including container images
5. Easy integration with development and DevOps tools
6. Comprehensive dashboard for visibility and process control
7. Certificate management with expiry notifications

Technology Stack

The solution leveraged a mix of modern technologies and services. These included:

1. Hash signing technology (SHA256 with RSA)
2. Hardware Security Module (HSM) integration
3. Command-line interface
4. Web-based user interface for management and reporting

This tech stack enables secure, efficient, and flexible code signing across the organization.

Project Differentiator

This project stands out due to its innovative use of technology and efficient approach, including:

• Support for a wide variety of file types, including legacy OS systems and container images
• Easy integration with CI/CD tools and development environments
• Enhanced visibility and process control through a comprehensive dashboard
• Centralized certificate management with expiry tracking
• End-to-end solution including HSM integration
• Multi-location support despite on-premises deployment

Business Impact

The implementation of this code signing solution has had significant positive impacts on the client’s operations. These include:

• Enhanced security with centralized control and HSM integration.
• Improved efficiency through automation of the code signing process.
• Better visibility into the code signing process across teams and locations.
• Reduced risk of using expired certificates.
• Seamless integration with existing development and deployment processes.
• Ability to sign all required file types, including legacy systems and container images.

Conclusion

The implementation of the code signing solution addresses critical security needs for the client’s financial software. Given that financial software is often a prime target for hackers, the secure and efficient code signing process is not just a good-to-have but a must-have feature. This solution ensures that the client can maintain the integrity and authenticity of their software releases, building trust with their banking customers while also streamlining their internal processes.