Of all the various flavors of PKI key compromises, key compromise for Code Signing is arguably the worst. A Code Signing key is what software developers use to sign their programs and updates. By signing the software, the developer is providing a cryptographic demonstration that the program is authentic, and that it is intact (it has not been tampered with).
Our devices – our computers, tablets and mobile phones – are designed to trust these signatures and, by extension, the software or updates they are affixed to. When malicious software is distributed with trusted signatures, however, chaos ensues. If a code signing key is compromised, an attacker can sign malware with it, and our devices will trust it, run it and fall victim to whatever its end game may be – whether that’s a high-profile network breach or just stealing CPU power to mine Bitcoin.
So, how does a key get compromised? In reality, it is often the result of the legitimate owner of the private key failing to secure it properly (which is why Code Signing Certificates need to be stored on adequate cryptographic hardware). But there is also the option of “brute forcing” a key, that is, guessing its value. Distilled down to its simplest binary form, an RSA key is just a series of 1s and 0s; a 2,048-bit key is a string of 2,048 of them. Guessing the value becomes exponentially harder with each bit you add, so longer generally equates to more secure.
That is why, in light of recent code signing compromises, the CA/B Forum has mandated that all Code Signing keys be lengthened to improve their security. So, starting May 31, 2021, all GlobalSign Code Signing keys will be issued at 4,096-bit lengths. This includes renewals and re-issues.
Changes to EV Code Signing
Extended Validation (EV) Code Signing provides the highest level of authentication for signers and gives a reputation boost with the Microsoft SmartScreen filter. One of the requirements for EV Code Signing Certificates is that the signing key must be stored on a physical token or in an HSM. Alongside the key length change described above, GlobalSign will be providing new tokens that are compatible with 4,096-bit keys.
Unfortunately, the Safenet 5110 FIPS tokens that have historically been used to store EV Code Signing Certificates are NOT compatible with the new, longer signing keys. As a result, anyone re-issuing or renewing their EV Code Signing Certificate will receive an upgraded token for their key – the Safenet 5110 CC (940).
Updates to our Code Signing Timestamping URLs
Timestamping is a critical component of Code Signing. While technically optional, timestamping keeps the cryptographic signatures made by your key valid in perpetuity: the timestamp proves that the signature was made while the certificate was still valid. Without a timestamp, signatures cease to be trusted as soon as the certificate associated with the signing key expires (within three years).
In accordance with the new requirements around Code Signing, GlobalSign will be making updates to its timestamping services. We have set up a new R6 TSA URL, as well as a new R3 URL to replace our legacy one. TSA customers should migrate to the new Code Signing timestamping URLs listed below by June 1, 2021. We recommend that all customers switch to the new R6 TSA URL.
Effective June 1, 2021, the previous Timestamping URLs that leveraged the R3 root will be deprecated and customers will no longer be able to use them to sign.
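The timestamping rule described in this section, as an added example that is not GlobalSign's code: a small Python model of how a verifier treats a signature with and without a timestamp, also applying the 4,096-bit minimum from above. The certificates, dates and the revocation entry are constructed for illustration, and the decision logic is a simplified model rather than any particular platform's implementation.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc

@dataclass
class Certificate:
    """Constructed stand-in for a code signing certificate (no real X.509 parsing)."""
    subject: str
    not_before: datetime
    not_after: datetime
    key_bits: int
    revoked_at: Optional[datetime] = None  # set if the key was compromised and the cert revoked

@dataclass
class Signature:
    signer: Certificate
    timestamp: Optional[datetime] = None  # TSA countersignature time; None if not timestamped

def evaluate(sig: Signature, now: datetime, min_key_bits: int = 4096):
    """Simplified verifier decision at time `now`: without a timestamp the certificate must be
    valid now; with one, validity and revocation are judged as of the timestamped signing time."""
    cert = sig.signer
    if cert.key_bits < min_key_bits:
        return False, f"{cert.key_bits}-bit key is below the {min_key_bits}-bit policy minimum"
    check_at = sig.timestamp if sig.timestamp is not None else now  # when the cert must be valid
    if not (cert.not_before <= check_at <= cert.not_after):
        return False, f"certificate for {cert.subject} was not valid at the time checked"
    if cert.revoked_at is not None and check_at >= cert.revoked_at:
        return False, f"certificate for {cert.subject} was already revoked at the time checked"
    return True, "trusted"

# Constructed scenario: three-year certificates, signed in 2022, verified after expiry.
NOT_BEFORE, NOT_AFTER = datetime(2021, 6, 1, tzinfo=UTC), datetime(2024, 6, 1, tzinfo=UTC)
CERT = Certificate("Example Publisher", NOT_BEFORE, NOT_AFTER, key_bits=4096)
LEGACY = Certificate("Legacy Publisher", NOT_BEFORE, NOT_AFTER, key_bits=2048)
COMPROMISED = Certificate("Breached Publisher", NOT_BEFORE, NOT_AFTER, 4096,
                          revoked_at=datetime(2022, 1, 1, tzinfo=UTC))
SIGNED_AT = datetime(2022, 3, 15, tzinfo=UTC)
VERIFY_AT = datetime(2025, 1, 10, tzinfo=UTC)  # after NOT_AFTER: the certificate has expired

def demo() -> dict:
    return {
        "no timestamp, verified after expiry": evaluate(Signature(CERT), VERIFY_AT)[0],
        "timestamped, verified after expiry": evaluate(Signature(CERT, SIGNED_AT), VERIFY_AT)[0],
        "timestamped, key revoked before signing": evaluate(Signature(COMPROMISED, SIGNED_AT), VERIFY_AT)[0],
        "timestamped, 2,048-bit key": evaluate(Signature(LEGACY, SIGNED_AT), VERIFY_AT)[0],
    }
```

Only the timestamped signature from a valid, policy-compliant key survives verification after the certificate's expiry; the same signature without a timestamp is rejected once the certificate lapses.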
As always, we want to thank those of you who have already chosen GlobalSign to be your Code Signing Certificate provider. If you have any questions or concerns, please reach out to our Support Team. We are happy to assist you.