Security Considerations for Code Signing

Cooper, David; Regenscheid, Andrew; Souppaya, Murugiah; Bean, Christopher; Boyle, Michael; Cooley, Dorothy; Jenkins, Michael

doi:https://doi.org/10.6028/NIST.CSWP.5

White Paper NIST CSWP 5

Security Considerations for Code Signing

Documentation Topics

Date Published: January 26, 2018

Author(s)

David Cooper (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Christopher Bean (NSA), Michael Boyle (NSA), Dorothy Cooley (NSA), Michael Jenkins (NSA)

Abstract

A wide range of software products (also known as code)—including firmware, operating systems, mobile applications, and application container images—must be distributed and updated in a secure and automatic way to prevent forgery and tampering. Digitally signing code provides both data integrity to prove that the code was not modified, and source authentication to identify who signed the code. This paper describes features and architectural relationships of typical code signing solutions that are widely deployed today. It defines code signing use cases and identifies some security problems that can arise when applying code signing solutions to those use cases. Finally, it provides recommendations for avoiding those problems and resources for more information.

Keywords

application container; code signing; digital signature; firmware; mobile application; operating system; software update

Control Families

System and Information Integrity

Documentation

Publication:
White Paper (DOI)

Supplemental Material:
Local Download (pdf)

Related NIST Publications:
ITL Bulletin

Document History:
01/26/18: White Paper NIST CSWP 5 (Final)

Topics

Security and Privacy
digital signatures

Technologies
mobile; operating systems